Microsoft reveals Whisper Leak, a new side-channel attack that can infer the topics of conversations with encrypted language models by analyzing network traffic patterns. This vulnerability poses significant privacy risks for users and enterprises, especially when communicating sensitive information over untrusted networks. #WhisperLeak #LanguageModels #EncryptedTraffic
Keypoints
- Whisper Leak enables attackers to infer conversation topics by monitoring encrypted TLS traffic patterns.
- The attack remains effective despite HTTPS encryption and streaming-mode responses in large language models.
- Microsoft trained machine learning classifiers that achieve over 98% accuracy in identifying specific prompts.
- Organizations can mitigate risks by adding random text to responses, using VPNs, or switching to non-streaming models.
- Many open-weight LLMs are highly vulnerable to adversarial and multi-turn attacks, posing operational security risks.
Read More: https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html