REDMOND / LONDON (IT BOLTWISE) – Microsoft has discovered a new attack method called ‘Whisper Leak’ that allows attackers to identify sensitive topics of AI chat conversations despite encryption. This discovery raises serious questions about the security and privacy of user communications.
Today’s daily deals at Amazon! ˗ˋˏ$ˎˊ˗
Microsoft has uncovered a new attack method called ‘Whisper Leak’ that allows attackers to identify sensitive topics of AI chat conversations despite encryption. This discovery raises serious questions about the security and privacy of user communications. The attack uses analysis of encrypted network traffic to infer the topics of conversations, even if they are protected by HTTPS.
Microsoft researchers, including Jonathan Bar Or and Geoff McDonald, have found that attackers capable of monitoring encrypted traffic, such as state actors or people on the same network, can identify the subjects of user requests. This is done by analyzing packet sizes and time intervals between data packets sent by the language models.
Whisper Leak builds on previous findings about side-channel attacks and shows that the sequence of encrypted packet sizes and their arrival times can contain enough information to classify the subject of the original request. As a proof of concept, Microsoft has trained a binary classifier capable of distinguishing between a specific topic and other content. This method could be used by attackers to specifically search for sensitive topics such as money laundering or political dissent.
To mitigate the risks, companies such as OpenAI, Mistral and Microsoft have taken measures to reduce the effectiveness of such attacks. One of the proposed countermeasures is to add variable-length random text sequences to the responses to obscure the length of each token. Microsoft also recommends being careful when using AI services on unsecured networks and, if necessary, using VPNs to protect privacy.
Order an Amazon credit card without an annual fee with a credit limit of 2,000 euros!
Bestseller No. 1 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 2 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 3 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 4 ᵃ⤻ᶻ «KI Gadgets»
Bestseller No. 5 ᵃ⤻ᶻ “KI Gadgets”
Please send any additions and information to the editorial team by email to de-info[at]it-boltwise.de. Since we cannot rule out AI hallucinations, which rarely occur with AI-generated news and content, we ask you to contact us via email and inform us in the event of false statements or misinformation. Please don’t forget to include the article headline in the email: “Microsoft’s ‘Whisper Leak’ Reveals Vulnerabilities in AI Chatbots”.