whisper leak

The Whisper Leak tag covers a side-channel attack disclosed by Microsoft's security team, where encrypted conversations with streaming language models can leak topic-level information to a passive network observer. By analyzing encrypted packet sizes and timings, an attacker can infer the topic of an LLM stream without decrypting the traffic. This vulnerability, named Whisper Leak, exploits the token-by-token streaming behavior of remote LLMs, which creates observable metadata in TLS record sizes. The tag includes discussions on the technical details, implications for privacy, and potential mitigations for this side-channel in AI services.