Attack Vectors

What and how generative AI techniques are used to deceive, impersonate and defraud.
Back to Attack Vectors

Voice replay attack

Audio
Corporate Fraud
Consumer Fraud

A voice replay attack captures genuine speech from the target and plays it back to defeat voice authentication or liveness checks. No AI generation is required; the attacker exploits trust in audio without needing to fake it.

Use cases: Identity verification & KYC · Live agent assist

How it works

  • Real audio is recorded covertly or pulled from public sources
  • The recording is played back through a speaker or injected into a call to satisfy an authentication prompt
  • Some systems can be fooled even when the prompt requires specific phrases, if attackers stitch together captured fragments

Where it shows up

  • Voice biometric authentication bypass at banks and contact centers
  • Liveness check failure during remote KYC and onboarding
  • Compounding attacks where replayed audio is processed through speakers and re-recorded to imitate real-world acoustics, masking synthetic artifacts that detectors usually flag
  • Pretext calls that use captured voicemail snippets to impersonate the target