Auditory prompt injection quietly takes command of AI voice assistants
Security researchers demonstrated AudioHijack, a proof-of-concept that hides covert instructions inside audio—podcasts, music, videos, or Zoom calls—to secretly command AI voice assistants and transcribers to perform actions like web searches, file downloads, or data exfiltration without user awareness. The technique works via tiny, inaudible tweaks that humans hear as normal sound but that AI interprets as commands, and it was effective against 13 open-source audio AIs with 79–96% success in tests, with potential transfer to commercial systems like Microsoft Azure and Mistral AI. Countermeasures such as training or intent verification only partially mitigate the risk, underscoring security implications for enterprise and consumer deployments; Microsoft acknowledged safeguards exist in real deployments.
