Microsoft has uncovered a novel side-channel attack, dubbed the 'Whisper Leak', which enables malicious actors to access sensitive Large Language Model (LLM) conversations, even when encrypted with Transport Layer Security (TLS). This attack poses a significant threat to users in oppressive regimes, where it could be used to target discussions on topics such as protesting, banned materials, election processes, and journalist reports. The attack leverages machine learning to analyze patterns in encrypted packet sizes and arrival times, allowing it to categorize the general topic of a user's prompt. Whisper Leak achieves 100% precision in identifying sensitive discussions, even when TLS encryption is in use. This makes it a potent surveillance tool for various entities, from nation-states to local adversaries on public Wi-Fi. The attack is distinct from previous research, which focused on token lengths or cache timing, by treating streaming traffic as a fingerprint for prompt topics. Security professionals are urged to take note of this highly effective attack and implement mitigations, such as avoiding sensitive discussions over AI chatbots on untrusted networks, using VPN services, and opting for providers with robust security practices. Microsoft offers practical tips to security teams to protect against Whisper Leak.
