What happened
Researchers developed "AudioHijack," a technique that uses imperceptible audio signals to force large audio-language models (LALMs) into executing unauthorized commands. The method takes 30 minutes to train and achieved a 79-96% success rate across 13 leading open models, including commercial services from Microsoft and Mistral. It enables sensitive web searches, file downloads from attacker-controlled sources, and email exfiltration of user data. According to lead author Meng Chen, the attack exploits a critical LALM design flaw: it manipulates audio data during processing and does not require full control over user instructions.
Why it matters
This vulnerability exposes LALM-powered systems to covert command injection, shifting the security perimeter for voice-enabled applications. Security architects and platform engineers must now assume agentic workflows are untrusted, because imperceptible audio can bypass user intent and existing safeguards. The 79-96% success rate and 30-minute training time demonstrate a low barrier to entry for attackers. This follows recent findings in which poetry bypassed AI safety controls, underscoring a pattern of novel input vectors compromising AI system integrity.




