The Microsoft Threat Intelligence Podcast 12.17.25
Ep 59 | 12.17.25

Whisper Leak: How Threat Actors Can See What You Talk to AI About

Show Notes

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Geoff McDonald and JBO to discuss Whisper Leak, new research showing that encrypted AI traffic can still unintentionally reveal what a user is asking about through patterns in packet size and timing.

They explain how LLM token streaming enables this kind of side-channel attack, why even well-encrypted conversations can be classified for sensitive topics, and what this means for privacy, national-level surveillance risks, and secure product design. The conversation also walks through how the study was conducted, what patterns emerged across different AI models, and the steps developers should take to mitigate these risks. 

In this episode you’ll learn:      

  • Why packet sizes and timing patterns reveal more information than most users realize 
  • How user-experience choices like showing streamed text create a larger attack surface 
  • The difference between classic timing attacks and the new risks uncovered in Whisper Leak 

Resources:  

 Learn more about Whisper Leak 

 Related Microsoft Podcasts:                   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider  

The Microsoft Threat Intelligence Podcast is produced by Microsoft and Hangar Studios and distributed as part of the N2K media network.