Whisper Leak: Encrypted AI chats can still reveal their topic

Kari Jaaskelainen

06 Nov 2025 — 1 min read

Encrypted LLM chats can still leak their topic

Whisper Leak shows that even with TLS, streaming responses create telltale packet size and timing patterns. Across 28 popular models, these fingerprints let an eavesdropper classify prompt topics with near-perfect accuracy, flagging sensitive ones like "money laundering" and even recovering 5-20% of matching chats amid heavy noise.

Why it matters: a network observer (ISP, employer, government, or someone on the same Wi-Fi) could infer what you ask an AI without seeing the text.

Mitigations (not a full fix)

Random padding, token batching, and packet injection reduce leakage, but none stop it.
Providers have begun deploying defenses after responsible disclosure.

What you can do now: prefer non-streaming replies when possible, use trusted networks and a VPN, and avoid highly sensitive prompts on untrusted connections until stronger protections arrive.

Paper: http://arxiv.org/abs/2511.03675v1

Paper: http://arxiv.org/abs/2511.03675v1

Register: https://www.AiFeta.com

AI Security Privacy LLM Cybersecurity Metadata SideChannel Research NetworkTraffic

Automating GDPR Compliance: A Roadmap for Companies and Law Firms

GDPR compliance is more than checkboxes. A new roadmap from the Privatech project shows how automation and machine learning can help companies and law firms assess—and even generate—privacy compliance. * Shift the focus to data processors’ real workflows: drafting policies, mapping data uses, documenting decisions. * Break compliance into machine-ready

FPGAs for Faster, Leaner Deep Learning: A Review of CNN Accelerators

Deep learning drives image search, robots, and medical scans. Most systems lean on CPUs and GPUs. This review asks: what if we run convolutional neural networks (CNNs) on FPGAs—reconfigurable chips you can tailor to the model? * Why FPGAs: custom dataflows, low latency, and strong energy efficiency—great for cameras,

Dynamic-K: Recommendations That Know When to Stop

Most apps show a fixed number of “top” items—say 10 movies or 20 products—assuming there are always enough good options. But that’s not always true: sometimes there are few relevant items, or some users are extra picky. The result? Filler recommendations. Dynamic-K flips the script. Instead of

Teaching chatbots to stop contradicting themselves (DECODE)

Teaching chatbots to stop contradicting themselves Ever had a bot say one thing, then the opposite a few turns later? This study introduces DECODE—a new task and dataset for spotting contradictions in everyday conversations, drawn from both human-human and human-bot chats. * New data beats existing natural language inference (NLI)