SoundBreak: A Systematic Study of Audio-Only Adversarial Attacks on Trimodal Models

Multimodal foundation models that integrate audio, vision, and language achieve strong performance on reasoning and generation tasks, yet their robustness to adversarial manipulation remains poorly understood. We study a realistic and underexplored threat model: untargeted, audio-only adversarial attacks on trimodal audio-video-language models. We analyze six complementary attack objectives that target different stages of multimodal processing, including audio encoder representations, cross-modal attention, hidden states, and output likelihoods. Across three state-of-the-art models and multiple benchmarks, we show that audio-only perturbations can induce severe multimodal failures, achieving up to 96% attack success rate. We further show that attacks can be successful at low perceptual distortions (LPIPS <= 0.08, SI-SNR >= 0) and benefit more from extended optimization than increased data scale. Transferability across models and encoders remains limited, while speech recognition systems such as Whisper primarily respond to perturbation magnitude, achieving >97% attack success under severe distortion. These results expose a previously overlooked single-modality attack surface in multimodal systems and motivate defenses that enforce cross-modal consistency.

Key Contributions

• Six complementary audio-only adversarial attack objectives targeting different stages of multimodal processing (encoder representations, cross-modal attention, hidden states, output likelihoods)
• Systematic evaluation across three state-of-the-art audio-video-language models, achieving up to 96% attack success rate at low perceptual distortion (LPIPS ≤ 0.08, SI-SNR ≥ 0)
• Analysis revealing that attack effectiveness benefits more from extended optimization than increased data scale, and that cross-model transferability remains limited

🛡️ Threat Analysis

Details

Similar Papers