<p>In this episode, we break down Whisper Leak, a newly disclosed side-channel issue affecting encrypted LLM communications. JBO explains how attackers can infer conversation topics using packet size and timing metadata without breaking encryption. The discussion covers how the research team discovered the issue, how vendors (including Microsoft and OpenAI) mitigated it, and what it means for the future of secure AI systems.</p><p>01:30 – What Whisper Leak Actually Is<br>02:30 – Understanding Side-Channel Attacks<br>04:00 – Why LLMs Are Uniquely Vulnerable<br>08:00 – Stream Ciphers vs Block Ciphers<br>13:30 – “Did You Break Encryption?” Clearing Up Misconceptions<br>16:00 – Fixes &amp; Mitigations Across LLM Vendors<br>18:30 – Why Some Vendors Were More Vulnerable Than Others<br>20:00 – Could High-End Adversaries Still Pull This Off?<br>24:00 – How API Users Can Protect Themselves<br>25:00 – Designing LLM Systems with Side Channels in Mind</p><p>Guests: Jonathan (JBO) Bar Or, Principal Security Researcher, Microsoft Threat Intelligence, who just joined CrowdStrike</p><p>Hosts: Elliot Volkman &amp; Neal Dennis</p><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p>

Adopting Zero Trust

Adopting Zero Trust

Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics

DEC 11, 202531 MIN
Adopting Zero Trust

Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics

DEC 11, 202531 MIN

Description

<p>In this episode, we break down Whisper Leak, a newly disclosed side-channel issue affecting encrypted LLM communications. JBO explains how attackers can infer conversation topics using packet size and timing metadata without breaking encryption. The discussion covers how the research team discovered the issue, how vendors (including Microsoft and OpenAI) mitigated it, and what it means for the future of secure AI systems.</p><p>01:30 – What Whisper Leak Actually Is<br>02:30 – Understanding Side-Channel Attacks<br>04:00 – Why LLMs Are Uniquely Vulnerable<br>08:00 – Stream Ciphers vs Block Ciphers<br>13:30 – “Did You Break Encryption?” Clearing Up Misconceptions<br>16:00 – Fixes &amp; Mitigations Across LLM Vendors<br>18:30 – Why Some Vendors Were More Vulnerable Than Others<br>20:00 – Could High-End Adversaries Still Pull This Off?<br>24:00 – How API Users Can Protect Themselves<br>25:00 – Designing LLM Systems with Side Channels in Mind</p><p>Guests: Jonathan (JBO) Bar Or, Principal Security Researcher, Microsoft Threat Intelligence, who just joined CrowdStrike</p><p>Hosts: Elliot Volkman &amp; Neal Dennis</p><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p>