Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic

Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic

Microsoft has identified a side-channel attack called Whisper Leak that allows adversaries to infer AI chat topics from encrypted traffic. The attack achieves over 98% accuracy in classifying sensitive prompts using packet size and timing data.

Why This Matters

Encrypted TLS traffic, long considered secure against passive monitoring, is vulnerable to metadata analysis. Whisper Leak demonstrates that even encrypted AI interactions can leak sensitive information through patterns in packet sizes and inter-arrival times. This undermines privacy assumptions in streaming LLM communications, enabling adversaries to identify topics like “money laundering” or “political dissent” without decrypting payloads. The attack scale is concerning, as nation-state actors or ISPs could monitor millions of users with minimal computational resources.

Key Insights

• “98% accuracy in topic classification using LightGBM/BERT classifiers, 2025”: Microsoft’s proof-of-concept achieved high accuracy across models from Alibaba, DeepSeek, and OpenAI.
• “Packet size + timing analysis overcomes encryption”: Whisper Leak exploits metadata patterns in TLS-encrypted streaming responses.
• “OpenAI, Mistral, and Microsoft deploy random text padding”: Mitigations include injecting variable-length noise to mask token lengths.

Practical Applications

• Use Case: Government agencies monitoring AI chatbot traffic to detect sensitive topics.
• Pitfall: Using public Wi-Fi without a VPN increases exposure to packet-level metadata analysis.

References:

• https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak.html