Microsoft has uncovered a new security vulnerability affecting popular AI chatbots such as ChatGPT and Google’s Gemini, warning that attackers could determine what users are talking about even when conversations are encrypted. The flaw, called “Whisper Leak”, exposes a previously unseen risk in how large language models handle streamed responses.
In its detailed research blog, Microsoft explained that the vulnerability allows third parties such as internet service providers, government agencies, or anyone sharing the same Wi-Fi network to infer the topic of a user’s conversation with an AI system. While attackers cannot read the actual text, they can identify the general subject matter with alarming precision by analysing the patterns and timing of encrypted network traffic.
The company warned that the risk is particularly serious in countries where surveillance and censorship are common. By monitoring users’ interactions with chatbots, authorities could detect conversations about politically sensitive or banned topics, including protests, election discussions, or journalism-related content. Microsoft also noted that similar attacks could be used to flag discussions about financial crimes or other high-risk subjects.
The flaw stems from the way chatbots like ChatGPT and Gemini generate responses. Large language models work by predicting and outputting one token at a time, rather than producing an entire response in a single batch. Even though these exchanges are encrypted, the distinctive data flow patterns created during streaming responses can reveal clues about the underlying content.
Microsoft’s researchers simulated a real-world scenario where an attacker could observe but not decrypt the traffic between users and AI chatbots. Using machine learning models trained to recognise these traffic patterns, they achieved up to 100% accuracy in identifying specific sensitive topics, with a false-positive rate near zero. The models could also reconstruct between 5% and 20% of certain target conversations based on encrypted data alone.
The findings suggest that the threat could become more dangerous over time as attackers gather larger datasets and use more advanced analytical tools. Microsoft has urged AI companies and service providers to explore new techniques to obscure network traffic patterns, reducing the risk of topic inference attacks.
As AI chatbots continue to gain popularity in workplaces, journalism, and education, “Whisper Leak” underscores the need for stronger privacy safeguards in the next generation of conversational AI systems.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
