Researchers at Zhejiang University have shown that large audio‑language models can be hijacked with imperceptible sounds. By tweaking waveforms, attackers craft clips that slip past human ears but trigger models to execute hidden commands. In tests, the method succeeds 79‑96% of the time against 13 open models, including Microsoft and Mistral services for consumer applications today and businesses everywhere now.

The team’s AudioHijack technique manipulates audio while leaving the user’s spoken instruction intact, letting attackers reuse a single clip across multiple sessions. Their optimization loop adjusts the waveform to maximize the model’s attention to the malicious signal, even when the user says something unrelated. This context‑agnostic attack bypasses standard defenses that flag only obvious malicious prompts in real world scenarios.

When applied to commercial services, AudioHijack coerces models into sensitive web searches, file downloads, and data‑leaking emails. Microsoft’s spokesperson said the company provides developers with safeguards, yet the attack shows that internal attention monitoring is the only reliable countermeasure. Until vendors adopt such defenses, everyday voice assistants remain vulnerable to silent, high‑success attacks in the future of AI interaction today.