Microsoft Reveals 'Whisper Leak' Attack That Exposes AI Chat Topics

Microsoft has disclosed a new side-channel vulnerability in AI chat systems that can reveal what users are discussing, according to Forbes. The flaw, named Whisper Leak, allows attackers monitoring encrypted internet traffic to infer conversation topics with high accuracy, even though the content itself remains secure.

The attack targets the streaming feature used by AI chatbots such as ChatGPT, Copilot, and Claude, where responses are displayed incrementally. By analyzing the size and timing of encrypted data packets sent between a user and an AI service, a passive observer can identify if a conversation concerns specific subjects like politics or financial crimes.

Microsoft researchers trained classifiers on traffic patterns from models operated by companies including OpenAI, Mistral, DeepSeek, and xAI. Their proof-of-concept achieved over 98% accuracy in detecting targeted topics. The company noted that the effectiveness of the attack can increase over time as more conversation samples are collected.

After responsible disclosure, OpenAI, Microsoft, and Mistral implemented mitigations by adding random text sequences to chatbot responses, which obscure packet patterns and neutralize the leak. Microsoft also advises users to avoid sensitive discussions on public networks, use VPNs for added protection, and prefer non-streaming modes when privacy is critical.

The discovery highlights ongoing challenges in securing AI communication systems, where even encrypted exchanges can inadvertently expose metadata about user interactions.