Researchers from China and Singapore have demonstrated a new type of cyberattack that uses inaudible audio signals to manipulate AI-powered voice assistants and chatbots.

The study, presented at the IEEE Symposium on Security and Privacy, shows how attackers can embed hidden adversarial audio commands into ordinary media such as podcasts, songs, or YouTube videos.While human listeners cannot detect these sounds, AI voice systems may interpret them as legitimate commands.

According to the researchers, the attack works by training a malicious audio signal that can consistently exploit a targeted AI model regardless of what the user is saying.Once created, the signal can be inserted into background audio content and potentially trigger unauthorized actions on connected devices.These actions could include accessing personal files, sensitive information, or connected online services.

Lead researcher Meng Chen explained that current defensive measures are ineffective because AI systems struggle to distinguish between legitimate voice input and carefully crafted adversarial signals.

The researchers also noted that the attack currently requires access to the underlying weights of the targeted AI model, limiting the method mainly to open-source systems.

However, the study found that some commercial products built on open-source models, including systems associated with Microsoft and Mistral, were also vulnerable.

Microsoft responded by stating that the research helps improve understanding of AI model resilience and emphasized that developers should implement additional security layers in real-world applications.

The findings highlight growing concerns about the security risks surrounding AI voice assistants and the broader challenge of protecting machine learning systems from adversarial attacks.