Papers
Topics
Authors
Recent
Search
2000 character limit reached

Voice-Based AI Agents

Updated 25 February 2026
  • Voice-Based AI Agents are systems that combine speech recognition, natural language understanding, dialogue management, and text-to-speech for real-time conversational interactions.
  • Modern architectures use either modular pipelines or unified models to achieve low-latency, context-aware, multimodal performance driven by large language models.
  • Applications span healthcare, customer support, and telesales, with integrated retrieval-augmented generation and tool-execution capabilities enabling agentic, real-world operations.

A voice-based AI agent is a system that autonomously understands, reasons, and acts through spoken communication—integrating automatic speech recognition (ASR), natural language understanding (NLU), dialogue management (DM), and text-to-speech (TTS) in a closed or streaming-loop with at least partial real-time capability. Recent advances center on large (multi-modal) LLMs serving as the core policy engine, enabling highly context-sensitive, flexible, and open-domain speech interaction. These agents increasingly operate as end-to-end, low-latency, multimodal pipelines, often with tool-execution capability, retrieval-augmented knowledge access, or situated in high-stakes applications such as healthcare, customer support, and autonomous data collection.

1. Architectural Foundations and System Design

Modern voice-based AI agents adopt either modular pipeline or unified foundation model architectures. Classic pipeline systems run ASR to transcribe speech, NLU/DM (often LLM-driven) to interpret and plan actions, and TTS to synthesize responses (Jain et al., 9 Oct 2025, Shi et al., 5 May 2025, Ethiraj et al., 5 Aug 2025). This modular design allows subcomponent upgrades but remains susceptible to compounding errors—e.g., ASR misrecognitions propagating downstream—or latency inflation if not carefully optimized via streaming and batching.

Unified approaches—exemplified by systems such as Voila—jointly model audio and text using hierarchical multi-scale transformers that tokenize both text and audio streams in a single model trained with next-token prediction objectives across modalities (Shi et al., 5 May 2025). This enables direct, low-latency voice-to-voice and multimodal interactions, bypassing intermediate text as a necessary representation and supporting hierarchical reasoning on both semantic and acoustic features.

Streaming and concurrency are crucial for interactivity. Leading architectures employ concurrency at every stage: ASR transcribes in streaming mode, LLM dialogue policies act upon incremental transcripts, and TTS synthesizes as tokens or sentences become available (Ethiraj et al., 5 Aug 2025, Purwar et al., 25 Sep 2025). Advanced pipelines achieve real-time factors (RTF) well below 1.0 over telecom-scale utterances (~0.147 end-to-end in (Ethiraj et al., 5 Aug 2025)), with sentence-level or sub-second time-to-first-audio.

Retrieval-Augmented Generation (RAG) for grounding answers and tool-execution APIs for actions (e.g., browser automation) are commonly integrated, enabling agents to perform complex task orchestration, including multi-step workflows or autonomous tool use (Fang et al., 2024, Ethiraj et al., 5 Aug 2025, Chen et al., 9 Jan 2026). A plausible implication is that voice agents are increasingly positioned for “agentic” scenarios—acting in the world, not only providing information.

2. Algorithms, Training, and Optimization

ASR modules in production-grade agents are built atop foundational models such as Whisper or telecom/healthcare-finetuned Conformer/CTC architectures (Ethiraj et al., 5 Aug 2025, Chen et al., 9 Jan 2026). They are often further fine-tuned on in-domain, multilingual, or code-switched data, achieving WERs as low as 8.5% (telecom, English) or 16% in code-switched Urdu/English maternal healthcare (Ethiraj et al., 5 Aug 2025, mustafa et al., 13 Dec 2025). VAD preprocessing and chunked streaming with language-conditional priors enable real-time inference and effective multilingual support (Chen et al., 9 Jan 2026).

Dialogue management and NLU are performed by LLMs—ranging from 7B to 2B parameter models, commonly quantized (e.g., TSLAM 4-bit (Ethiraj et al., 5 Aug 2025)) for edge deployment. They operate as joint planners and reasoners, sometimes taking in browser automation tool APIs or chain-of-thought reasoning as implicit action policies (Fang et al., 2024). Prompts are engineered for role conditioning, higher-order “jailbreaking” (evading refusals), or stage-by-stage behavioral control (Fang et al., 2024, Kaewtawee et al., 5 Sep 2025). In some pipelines, dynamic RAG modules provide context documents retrieved via vector or cosine similarity for in-context grounding (Chen et al., 9 Jan 2026, Ethiraj et al., 5 Aug 2025).

TTS modules increasingly leverage Residual Vector Quantization (RVQ) tokenization (e.g., CSM-1B, Voila-Tokenizer) (Shi et al., 5 May 2025, Purwar et al., 25 Sep 2025). Optimizing the number of RVQ iterations/codebooks controls the trade-off between latency (first-chunk under 640 ms at 16 iterations) and signal-to-noise ratio (SNR) or emotional expressivity. Deployment on GPUs enables RTFs as low as 0.4–0.8 in streaming mode (Purwar et al., 25 Sep 2025).

Unified voice-LLMs such as Voila achieve ASR, intent, and TTS generation with a single model leveraging hierarchical tokens, delivering full-duplex, persona-conditioned, emotionally expressive conversations with response latencies of 195 ms—surpassing typical human turn-taking (Shi et al., 5 May 2025). This suggests end-to-end modeling is central to future agents.

3. Agentic Capabilities and Application Domains

Voice-based AI agents are deployed in a diverse array of application stacks:

Application Domain Example System/Paper Specific Capability
Phone Scams & Security "Voice-Enabled AI Agents can Perform Common Scams" (Fang et al., 2024) Autonomous scam execution, tool use, system jailbreak
Healthcare (continuous, low-resource, patient-facing) Agent PULSE (Wen et al., 22 Jul 2025); System X (mustafa et al., 13 Dec 2025) Chronic disease monitoring, EMR generation, multilingual, clinician-in-loop
Telesales "Cloning a Conversational Voice AI Agent…" (Kaewtawee et al., 5 Sep 2025) Playbook-driven, stage-conditioned, real-time streaming sales calls
Customer Support/Telecom "Toward Low-Latency…" (Ethiraj et al., 5 Aug 2025); hospitality chatbots (Athikkal et al., 2022) Sub-second IVR, FAQ, RAG over RFCs/FAQs
Writing/Reflection Support "Voice Interaction With Conversational AI…" (Kim et al., 11 Apr 2025) LLM-driven dialogue reflection, higher-order feedback
Quantitative Survey Automation "AI Telephone Surveying" (Leybzon et al., 23 Jul 2025) Interview scripting, randomization, turn-taking policies

Across these domains, agents must satisfy domain-specific constraints, such as field-level accuracy for EMR (96.2%, System X (mustafa et al., 13 Dec 2025)), compliance with regulatory and privacy frameworks (HIPAA, GDPR, etc. (Wen et al., 22 Jul 2025)), or strict methodological rigor in survey randomization and question wording (Leybzon et al., 23 Jul 2025).

4. Limitations, Failure Modes, and Benchmarks

Empirical and benchmark-oriented assessments reveal substantive gaps. State-of-the-art monolithic or pipeline systems exhibit success rates of ~36% in complex scam enactment (Fang et al., 2024), with bottlenecks traced to ASR misrecognition of critical slot values (e.g., passwords, 2FA). Contextually complex workflows—particularly multi-step tool orchestration or adversarial robustness in non-English, non-Western contexts—show catastrophic failure rates (parameter filling 0–5% in Indian-language “Sequential-Dependent” tasks, VoiceAgentBench (Jain et al., 9 Oct 2025)).

End-to-end SpeechLMs trail ASR→LLM pipelines in parameter accuracy and safety refusal rates, especially in Indic and other low-resource languages (e.g., 2.94% refusal on harmful Hindi queries, compared to >49% for ASR-pipeline) (Jain et al., 9 Oct 2025). SpeechLMs also lose safety controls when transferred to new languages—posing regulatory and real-world deployment concerns.

Benchmarking frameworks such as VoiceAgentBench offer comprehensive task, multilingual, and safety evaluations, establishing tool selection, structure, and parameter-filling as independent metrics (Jain et al., 9 Oct 2025). Farthest point sampling of speaker embeddings is used to generate maximally diverse test audio pools, ensuring robustness to accent and voice quality.

5. Security, Adversarial Risks, and Governance

Voice-based AI agents are susceptible to multi-vector adversarial exploitation, including privacy leakage, privilege escalation, resource abuse, and behavioral attacks that bypass even data-level access controls (Li et al., 7 Feb 2026). Quantitative evidence shows Qwen2 Audio achieves privacy leakage rates as high as 27.8% under direct-access attacks, while query-access mitigation reduces leakage to 0 but privilege escalation and resource-abuse rates remain non-negligible.

Aegis operationalizes a layered defensive stack: (1) API/query-only interfaces limiting raw-record access, (2) policy-first system prompts enforcing output restrictions at the LLM layer, and (3) real-time behavioral score monitoring for off-policy drift (Li et al., 7 Feb 2026). This yields substantive but not complete reduction in risk. Continuous red-teaming and post-hoc auditability are presented as minimum design criteria for deployment in regulated environments.

Voice-enabled agents' dual-use potential is explicitly demonstrated in autonomous scam agents capable of full transaction pipelines—including credential and money exfiltration—raising the need for new detection, authentication, and policy control layers at both model and access-layer levels (Fang et al., 2024).

6. Human Factors, Cognition, and Interaction

Empirical studies reveal that voice-based interaction with LLM agents reduces cognitive load in complex tasks such as reflective writing, as measured by lower NASA-TLX scores and increased higher-order concern engagement (Kim et al., 11 Apr 2025), aligning with theoretical predictions from the comparative cognitive burden of speech vs. typing. Voice-based revision tools foster substantive, iterative, and higher-quality reflection versus text-based feedback, supporting the hypothesis of voice-mediated scaffolding toward higher-order reasoning.

In survey automation, voice AI interviewers approach human completion and satisfaction rates (up to 73% completion, 86% neutral-or-better experience) when question randomization, silence detection, and error recovery policies mirror human best practices (Leybzon et al., 23 Jul 2025).

Conversational style-matching via real-time prosody and linguistic feature extraction in voice agents does not yet produce significant improvements in subjective anthropomorphism or rapport, suggesting current statistical or rule-based adaptation is insufficient; deeper neural style modeling and end-to-end TTS modulation remain an open challenge (Aneja et al., 2019).

7. Design Principles and Best Practices

Robust architectural and interaction design principles converge around:

  1. Separation of ASR and LLM modules—to prevent resource contention and support modular upgrading (Chen et al., 9 Jan 2026).
  2. Streaming and concurrency at every stage—to sustain sub-second interactivity and responsiveness (Ethiraj et al., 5 Aug 2025, Shi et al., 5 May 2025).
  3. Retrieval-augmentation and schema grounding—to preserve factuality, enable domain extension, and enforce structured outputs (Chen et al., 9 Jan 2026, mustafa et al., 13 Dec 2025).
  4. Role and stage-conditioned prompts—for fine-grained behavioral scripting, especially in complex, multi-stage tasks (e.g., sales, healthcare) (Kaewtawee et al., 5 Sep 2025, Fang et al., 2024).
  5. End-to-end evaluation with task-specific benchmarks—covering multilingual, multi-tool, and safety dimensions (Jain et al., 9 Oct 2025).
  6. Security and policy enforcement by design—layered defense, explicit system-prompt governance, logging, and continuous adversarial assessment (Li et al., 7 Feb 2026).

Future research directions include diffusion-based acoustic models for emotion, large-scale weakly supervised multilingual expansion, and integration with cross-modal sensory signals for embodied conversation (Shi et al., 5 May 2025).

For more detailed methodological and empirical data on individual application classes and architectures, see "Voice-Enabled AI Agents can Perform Common Scams" (Fang et al., 2024), "Voila: Voice-Language Foundation Models for Real-Time Autonomous Interaction and Voice Role-Play" (Shi et al., 5 May 2025), and "VoiceAgentBench: Are Voice Assistants ready for agentic tasks?" (Jain et al., 9 Oct 2025).

Topic to Video (Beta)

No one has generated a video about this topic yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Sign Up to Generate

Follow Topic

Get notified by email when new papers are published related to Voice-Based AI Agents.

Sign Up to Follow Topic by Email