Whisper Leak Side-Channel - Inferring LLM Topics from Traffic
CORTEX Protocol Intelligence Assessment
Business Impact: The Whisper Leak side-channel attack creates regulatory and ethical exposure for organizations that rely on cloud-hosted LLMs for sensitive workflows, since adversaries with network visibility may infer topics such as political dissent, medical conditions, or internal investigations. Compliance teams should recognize that "encrypted" LLM traffic does not automatically guarantee conversational privacy. Technical Context: Whisper Leak side-channel analysis treats TLS-encrypted streaming responses as sequences of packet sizes and timings, training classifiers to recognize the statistical fingerprint of particular prompts. The work builds on earlier token-length and timing side-channel research but demonstrates higher effectiveness across multiple commercial providers. Mitigations such as random obfuscation fields and configurable padding parameters reduce signal quality, yet residual leakage remains possible where obfuscation is disabled or incompletely deployed.
Strategic Intelligence Guidance
- Confirm whether current LLM providers have implemented Whisper Leak mitigations such as response obfuscation or padding, and ensure these features are enabled for sensitive applications.
- Avoid using streaming LLM responses for highly sensitive topics on untrusted networks, and consider non-streaming modes where latency and user experience allow.
- Architect LLM integrations so that prompts and responses containing regulated data are processed through private network paths with minimized exposure to third-party observers.
- Update privacy impact assessments and data-protection policies to account for traffic-analysis side channels, including explicit controls around where and how LLM traffic may be monitored.