Hidden Audio Signals Hijack Voice AI Systems with 79-96% Success Rate

New research presented at the IEEE Symposium on Security and Privacy reveals a practical attack vector against Large Audio-Language Models (LALMs). Attackers can embed imperceptible signals into audio clips to hijack model behavior, achieving a 79-96% average success rate across 13 leading open models, including commercial services from Microsoft and Mistral.
How the Attack Works
The embedded signal is imperceptible to human listeners, yet it causes the model to execute hidden commands. Crucially, the attack works regardless of the user's accompanying instructions, so a single crafted clip can be reused against the same model many times. Training the adversarial signal takes approximately 30 minutes.
Exploited Capabilities
Researchers demonstrated that compromised models could be coerced into:
- Conducting sensitive web searches without user knowledge
- Downloading files from attacker-controlled sources
- Sending emails containing user data to external addresses
Affected Models
The attack was validated against 13 popular open-weight LALMs, including commercial voice AI APIs. This shows that current voice AI systems lack robust safeguards against adversarial audio perturbations.
📖 Read the full source: HN AI Agents
👀 See Also
Static Analysis of 48 AI-Generated Apps: 90% Had Security Vulnerabilities
A developer scanned 48 public GitHub repos built with Lovable, Bolt, and Replit. 90% had at least one vulnerability. Common issues: auth gaps (44%), SECURITY DEFINER Postgres functions (33%), BOLA/IDOR (25%), and committed secrets (25%).

OpenClaw SOC Agent Integration for SIEM Home Lab Threat Hunting
A Reddit user shares their open-source SIEM setup called Red Threat Redemption on Debian 13, integrating Elasticsearch, Kibana, Wazuh, Zeek, and pfSense with Suricata, then adds an AI agent for automated threat correlation, hunting, and alert triage.

Malwar: A Vulnerability Scanner for SKILL.md Files Built with Claude Code
A developer has released Malwar, a free tool that scans SKILL.md files for malicious instructions using a 4-layer pipeline including a rule engine, URL crawler, LLM analysis, and threat intel. The tool was built entirely with Claude Code after the developer found concerning patterns like Base64 blobs and instructions to pipe curl output to bash in existing skills.

Security Audit Experiment Shows AI Agent Performance Depends on Knowledge Access
A developer ran three security audits on the same Next.js codebase using different AI approaches: Claude Code's built-in review found 1 critical, 6 high, 13 medium issues; an AI agent without extra context found 1 critical, 5 high, 14 medium; an AI agent with 10 professional security books found 8 critical, 9 high, 10 medium issues.