Imagine listening to a podcast or watching a video when hidden sounds slip past your ears. These sounds carry secret commands aimed at your AI voice assistant. You can’t hear them, but your AI can—and it obeys.

Researchers have uncovered a new kind of cyberattack. It uses inaudible audio signals embedded in everyday media. These signals trick AI voice models into executing unauthorized commands. The attack works on popular AI assistants, smart speakers, and transcription tools.

This method, called AudioHijack, hides malicious instructions inside normal audio clips. To humans, the audio sounds natural—just music or speech. But AI systems read the hidden commands as if someone spoke them aloud. That means hackers can make your AI do things without your knowledge.

How AudioHijack Works

AudioHijack exploits how AI voice assistants process sound. These AI systems convert audio into digital tokens, then interpret those tokens as commands or questions. Attackers manipulate the audio waveform just enough to embed secret instructions.

The process takes about 30 minutes to create a special signal that works repeatedly. It doesn’t matter what the user says or the audio context. This one signal can hijack the AI model anytime it plays the audio.

Since many voice AI models share similar architectures, the attack works across multiple platforms. Researchers tested it on 13 open-source models and commercial services from Microsoft and Mistral. The attacks succeeded between 79% and 96% of the time.

Real-World Risks and Examples

This attack is more than a lab experiment. It could happen in everyday situations. Imagine a hacker embedding AudioHijack signals into a popular podcast. Your AI assistant automatically summarizes or interacts with that podcast. Without you noticing, it could start sending your data to attackers.

Or picture a Zoom meeting where an attacker’s microphone carries hidden commands. The AI meeting assistant might then leak sensitive information or trigger actions no one authorized. Smart home devices are also at risk. A hidden signal in a TV ad or YouTube video could manipulate your AI assistant to unlock doors or change settings.

The danger grows as AI assistants gain deeper integration with web applications, IoT devices, and enterprise tools. These systems often have access to personal data, calendars, emails, and even financial information. An invisible audio attack could cause serious harm.

Why Defenses Are Failing

Current AI safety measures struggle against these attacks. Defenses like prompt filtering or self-reflection reduce attack success by only 7% to 28%. That means most hidden commands go unnoticed.

One detection method involves monitoring the AI’s internal attention mechanisms. This approach catches some attacks but not all. Skilled hackers can adjust their signals to avoid detection, keeping their success rate high.

Part of the problem is that humans can’t hear these signals. Traditional security tools are designed for visible threats like suspicious text or malware. Audio-based attacks slip under the radar because they hide in plain sound.

The Bigger Picture and What’s Next

Many commercial AI voice systems rely on open-source components. That means a weakness found in one open model often spreads to others. Companies like OpenAI and Anthropic use proprietary architectures, making attacks harder but not impossible. Shared audio encoders may still provide a way in.

As AI evolves to handle images, video, and other sensor data, the attack surface expands. Voice AI is just the start. Future attacks might exploit other hidden signals in different media.

This raises urgent questions for businesses and regulators. Should voice AI systems face mandatory security audits? Should companies add real-time monitoring for adversarial audio? The EU AI Act already demands risk management, but new rules may be needed to cover these invisible threats.

For now, if you use AI voice assistants at work or home, be cautious. Organizations should audit their AI pipelines carefully. One practical step is to add filters that inspect transcribed text before passing it to AI models. This can catch many hidden commands before damage occurs.

The era of adversarial audio attacks has begun. These silent threats challenge the trust we place in AI systems. Without better defenses, hackers can quietly control AI assistants and access your data—all while you hear nothing.