Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
Briefly

"Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to the privacy of user and enterprise communications, the company noted. The attack has been codenamed Whisper Leak."
"Model streaming in large language models (LLMs) is a technique that allows for incremental data reception as the model generates responses, instead of having to wait for the entire output to be computed. It's a critical feedback mechanism as certain responses can take time, depending on the complexity of the prompt or task. The latest technique demonstrated by Microsoft is significant, not least because it works despite the fact that the communications with artificial intelligence (AI) chatbots are encrypted with HTTPS,"
Whisper Leak is a side-channel attack in which a passive observer of encrypted network traffic infers the topic of a conversation with a streaming-mode language model. Because a streamed response arrives as a sequence of small TLS records as the model emits incremental output, an attacker who can see the HTTPS packets (at an ISP vantage point, on a local network, or on a shared Wi‑Fi router) can record the packet-size and inter-arrival-time sequence without decrypting anything and feed those features to classifiers trained to recognise whether a prompt or response falls into a sensitive target category. The attack does not break TLS; it exploits what ciphertext lengths and timing reveal about the plaintext, which undermines the confidentiality users expect from encrypted LLM traffic and raises privacy and enterprise data-leakage concerns. It builds on earlier side channels that inferred plaintext token lengths from encrypted packet sizes.
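The pipeline described above, as an added example that is not Microsoft's code or anything from The Hacker News article: a passive observer records only (record size, inter-arrival time) pairs, recovers per-token plaintext lengths by subtracting the constant TLS and SSE framing overhead, turns the sequence into features, and runs a nearest-centroid classifier over two "topic" classes. The token streams, timings, the two classes, the 22-byte TLS 1.3 AEAD overhead and the OpenAI-style SSE framing are all constructed or assumed for illustration; the function and class names are the example's own. The padding option shows the practitioner's caveat: bucketing chunk sizes closes the length channel, but the timing channel on its own still separates the constructed classes.

```python
"""Toy reproduction of the Whisper Leak side-channel pipeline (constructed example)."""
import json
import math
import random
import statistics

# Assumption: TLS 1.3 AEAD record overhead = 5-byte header + 16-byte tag
# + 1-byte inner content type. Real stacks may also coalesce records.
TLS_OVERHEAD = 22
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def sse_frame(token: str) -> bytes:
    """Assumed SSE framing of one streamed delta (OpenAI-style JSON shape)."""
    body = json.dumps({"choices": [{"delta": {"content": token}}]},
                      separators=(",", ":"))
    return b"data: " + body.encode() + b"\n\n"


FRAMING_LEN = len(sse_frame(""))  # constant part the observer can subtract


def observe(tokens, gaps, pad_to=None):
    """What an on-path observer sees per record: (ciphertext size, inter-arrival)."""
    out = []
    for tok, gap in zip(tokens, gaps):
        n = len(sse_frame(tok))
        if pad_to:                          # mitigation: pad plaintext to a bucket
            n = math.ceil(n / pad_to) * pad_to
        out.append((n + TLS_OVERHEAD, gap))
    return out


def recover_token_lengths(observation):
    """Under AEAD the ciphertext length leaks the plaintext length byte for byte."""
    return [size - TLS_OVERHEAD - FRAMING_LEN for size, _ in observation]


def features(observation, use_timing=True):
    """Summary features of the size and timing sequence (gap in milliseconds)."""
    sizes = [s for s, _ in observation]
    feat = [statistics.mean(sizes), statistics.pstdev(sizes)]
    if use_timing:
        feat.append(statistics.mean(g for _, g in observation) * 1000)
    return tuple(feat)


class NearestCentroid:
    """Minimal classifier: predict the label whose training centroid is closest."""

    def __init__(self):
        self.centroids = {}

    def fit(self, samples):                  # samples: [(feature_tuple, label)]
        by_label = {}
        for x, y in samples:
            by_label.setdefault(y, []).append(x)
        self.centroids = {y: tuple(statistics.mean(col) for col in zip(*xs))
                          for y, xs in by_label.items()}
        return self

    def predict(self, x):
        return min(self.centroids, key=lambda y: math.dist(x, self.centroids[y]))


def synth_stream(rng, topic, n_tokens=60):
    """Constructed streams: the 'sensitive' class uses longer tokens and slower decoding."""
    lens, mean_gap = ((4, 9), 0.060) if topic == "sensitive" else ((1, 5), 0.025)
    tokens = ["".join(rng.choice(ALPHABET) for _ in range(rng.randint(*lens)))
              for _ in range(n_tokens)]
    gaps = [rng.expovariate(1 / mean_gap) for _ in range(n_tokens)]
    return tokens, gaps


def run_experiment(seed=7, n_train=40, n_test=20, pad_to=None, use_timing=True):
    """Train on n_train streams per class, return accuracy on n_test per class."""
    rng = random.Random(seed)

    def batch(k):
        out = []
        for _ in range(k):
            for topic in ("sensitive", "benign"):
                tokens, gaps = synth_stream(rng, topic)
                out.append((features(observe(tokens, gaps, pad_to), use_timing), topic))
        return out

    clf = NearestCentroid().fit(batch(n_train))
    test = batch(n_test)
    return sum(clf.predict(x) == y for x, y in test) / len(test)


if __name__ == "__main__":
    print("recovered lengths:", recover_token_lengths(observe(["hello", "ai"], [0, 0])))
    print("sizes only       :", run_experiment(use_timing=False))
    print("padded, sizes    :", run_experiment(pad_to=64, use_timing=False))
    print("padded, + timing :", run_experiment(pad_to=64))
```

With bucket padding and no timing feature both centroids coincide and the classifier falls back to chance (exactly 0.5 on the balanced test set); adding the timing feature back restores separation on this constructed data, which is why size padding alone is not a complete fix for a timing-and-size side channel.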
Read at The Hacker News