Hearing the Unspoken: Language Model Priors for Acoustic Adversarial Attacks

Researchers demonstrate a new adversarial attack called Semantic Gambit that exploits Large Language Models to significantly compromise real-time Automatic Speech Recognition systems. By leveraging predictive context from LLMs, the attack achieves a 35.6% Word Error Rate—three times higher than previously documented attacks—revealing a critical vulnerability in ASR pipelines that operate under temporal constraints.

This research exposes a fundamental vulnerability in real-time ASR systems that stems from their causal processing architecture. Real-time speech recognition systems must make transcription decisions with incomplete acoustic information due to strict latency requirements, creating an inherent information bottleneck. The Semantic Gambit attack circumvents this limitation by augmenting adversarial input with predictive context generated by Large Language Models, effectively providing the attacker with "future" information that the ASR system cannot access. This represents a meaningful escalation in attack sophistication, moving beyond purely acoustic exploitation to hybrid acoustic-semantic attacks.

The vulnerability highlights an emerging security gap at the intersection of ASR and LLM technologies. As organizations increasingly deploy real-time speech interfaces for voice authentication, command systems, and transcription services, these systems become attractive targets for adversaries. The use of commodity LLM tooling—widely available and low-latency—means attackers need not develop sophisticated custom models; they can leverage existing infrastructure to mount effective attacks.

For the industry, this work signals that ASR robustness evaluations must account for adversaries with access to modern language models, not just acoustic perturbations. Security-critical applications relying on voice-based interfaces may require additional verification mechanisms beyond transcription accuracy. The research suggests that the temporal constraints that previously protected ASR systems no longer provide sufficient defense when paired with external predictive models, necessitating fundamental architectural changes or supplementary safeguards in deployment scenarios where authentication or critical decisions depend on speech recognition.

• →Semantic Gambit attack uses LLM-derived context to triple the effectiveness of adversarial attacks on real-time ASR systems
• →Real-time speech recognition's temporal constraints, previously a security feature, can be circumvented using external predictive models
• →The attack demonstrates that commodity, low-latency LLM tools can be weaponized against speech-based security systems
• →Current ASR robustness evaluations may underestimate threat models that include access to language models
• →Voice authentication and critical speech-dependent systems require additional verification layers beyond transcription accuracy