Think your AI chats are private? Think again.
A new side-channel attack called the "Whisper Leak" allows hackers to infer your conversations even with encryption.
When you didn't think AI could scare you more.
https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html?m=1
Whisper Leak attack
Large Language Models (LLMs) are increasingly used in sensitive areas, including healthcare, legal services and confidential communication, where data protection is of the utmost importance. The new threat: Whisper Leak, a side-channel attack that infers the topics of user prompts from encrypted LLM traffic by analyzing packet-size and timing patterns in streaming responses. Although TLS encryption protects the content, too many metadata patterns fall off the "TLS truck". Once a critical amount of "lost data" is exceeded, topic classification is said to be possible.
More: https://maniabel.work/archiv/158
"Whisper Leak" can infer encrypted LLM chat topics via traffic pattern analysis.
Partial fixes by Microsoft, OpenAI & xAI - others remain vulnerable.
https://www.technadu.com/llm-side-channel-attack-whisper-leak-exposes-encrypted-communications/613063/
Microsoft Uncovers 'Whisper Leak' Flaw, Exposing Encrypted AI Chats Across 28 LLMs
#AI #AISecurity #Cybersecurity #Microsoft #Privacy #Encryption #DataPrivacy #LLMs #SideChannelAttack #InfoSec #WhisperLeak
Microsoft disclosed a new AI privacy threat, "Whisper Leak" - a side-channel attack that can reveal AI chat topics through encrypted traffic analysis.
Even HTTPS encryption isn't enough if packet sizes & timing give away what's being discussed.
Providers like OpenAI, Mistral, and Microsoft are adding random padding to counter the issue.
Are current LLM streaming designs too leaky for enterprise adoption?
Share your thoughts and follow @technadu for ongoing AI security updates.
#InfoSec #AIPrivacy #WhisperLeak #CyberSecurity #Encryption #LLMSecurity #TechNadu #DataProtection
"Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances.
This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to the privacy of user and enterprise communications, the company noted. The attack has been codenamed Whisper Leak.
"Cyber attackers in a position to observe the encrypted traffic (for example, a nation-state actor at the internet service provider layer, someone on the local network, or someone connected to the same Wi-Fi router) could use this cyber attack to infer if the user's prompt is on a specific topic," security researchers Jonathan Bar Or and Geoff McDonald, along with the Microsoft Defender Security Research Team, said.
Put differently, the attack allows an attacker to observe encrypted TLS traffic between a user and LLM service, extract packet size and timing sequences, and use trained classifiers to infer whether the conversation topic matches a sensitive target category."
https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html
#AI #GenerativeAI #CyberSecurity #Microsoft #WhisperLeak #LLMs #Encryption
Interesting: even encrypted communication over the network with a #Chatbot apparently offers enough clues to infer certain topics from the outside.
Not that sharing topics with an "#KI" (AI) would in itself already be quite naive.
(via @nopatience)