The attack leverages packet sizes and timing to guess topics even over TLS, potentially exposing conversations from observed traffic.

Mitigations from OpenAI, Microsoft, and Mistral, with broader assessments noting open-weight LLMs remain vulnerable to multi-turn adversarial manipulation, reinforcing the need for strong guardrails.

The broader cybersecurity landscape in 2025 features AI-related threats, regulatory considerations like potential EU AI Act impacts, and a push for AI-driven defense collaborations among tech firms and vendors.

Microsoft disclosed Whisper Leak, a side-channel attack that infers topics discussed with remote language models by analyzing encrypted streaming traffic, without decrypting content.

Researchers trained classifiers (LightGBM, Bi-LSTM, BERT) on topic-related and unrelated prompts, achieving high accuracy and often top-tier AUPRC in identifying topic signals.

Recommended mitigations include traffic obfuscation with dummy packets, constant-bit-rate encoding for AI responses, on-premises LLMs for sensitive tasks, and strengthened MFA and phishing defenses.

Further testing showed that larger datasets and more complex multi-turn conversations can increase attack success, underscoring scalability of the threat.

Case studies illustrate exploitation risks in scenarios like executives querying about mergers, drawing parallels to espionage-like breaches.

Whisper Leak was described in a Microsoft Security Blog post dated in early November 2025, highlighting real-world relevance for high-risk users.

The threat is framed against past cryptographic side-channels, with AI traffic’s dynamic nature increasing risk for targeted profiling or phishing.

Microsoft emphasized real-world relevance for journalists, protesters, and others under oppressive regimes, advising caution on untrusted networks.

Related studies note that longer multi-turn interactions can erode safety rules, illustrating broader systemic security challenges beyond Whisper Leak.