Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics
Adopting Zero Trust11 Joulu 2025

Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics

In this episode, we break down Whisper Leak, a newly disclosed side-channel issue affecting encrypted LLM communications. JBO explains how attackers can infer conversation topics using packet size and timing metadata without breaking encryption. The discussion covers how the research team discovered the issue, how vendors (including Microsoft and OpenAI) mitigated it, and what it means for the future of secure AI systems.

01:30 – What Whisper Leak Actually Is
02:30 – Understanding Side-Channel Attacks
04:00 – Why LLMs Are Uniquely Vulnerable
08:00 – Stream Ciphers vs Block Ciphers
13:30 – “Did You Break Encryption?” Clearing Up Misconceptions
16:00 – Fixes & Mitigations Across LLM Vendors
18:30 – Why Some Vendors Were More Vulnerable Than Others
20:00 – Could High-End Adversaries Still Pull This Off?
24:00 – How API Users Can Protect Themselves
25:00 – Designing LLM Systems with Side Channels in Mind

Guests: Jonathan (JBO) Bar Or, Principal Security Researcher, Microsoft Threat Intelligence, who just joined CrowdStrike

Hosts: Elliot Volkman & Neal Dennis

Hosted on Acast. See acast.com/privacy for more information.

Jaksot(58)

AZT: The National Cybersecurity Strategy

AZT: The National Cybersecurity Strategy

This week on AZT, we chat about something timely and impactful to everyone in the cybersecurity and users impacted by related decisions: the new National Cybersecurity Strategy (full strategy here). O...

23 Maalis 202355min

Adopting Zero Trust: Open Source

Adopting Zero Trust: Open Source

This week Neal and I continue with our exploration of new formats, and this time we go one-on-one with the Founder and CEO of Netfoundry, Galeal Zino. Prior to Netfoundry, Zino spent much of his caree...

9 Maalis 202358min

Adopting Zero Trust with Author George Finney: Approachable

Adopting Zero Trust with Author George Finney: Approachable

Zero Trust as a concept or strategy on the surface appears simple in nature. Heck, it’s only two words. However, when push comes to shove, and it’s time for organizational adoption, Zero Trust impacts...

23 Helmi 202350min

Adopting Zero Trust: Zero Knowledge Authority

Adopting Zero Trust: Zero Knowledge Authority

This week we have a two-for-one special and feature our newest panel-style format. On the practitioner side, we have crowd favorite Andrew Abel, who currently works with a financial institution, but h...

10 Helmi 202348min

Adopting Zero Trust With Ismael Valenzuela: Less Trust

Adopting Zero Trust With Ismael Valenzuela: Less Trust

This week we chat with Ismael Valenzuela, VP of Threat Intel at Blackberry, a 13-year SANS instructor, and has balanced his time between educator and practitioner for decades. Before peppering Ismael ...

26 Tammi 202348min

Adopting Zero Trust: Season One is Wrapped

Adopting Zero Trust: Season One is Wrapped

Welcome to the last episode of season one, where Neal and I go on a rambling adventure and look back on some of the interesting and eye-opening conversations we’ve had over the past few months. To wra...

15 Joulu 202249min

Adopting Zero Trust with Chase Cunningham: The Doctor is in

Adopting Zero Trust with Chase Cunningham: The Doctor is in

This week we chat with Chase Cunningham, Doctor Zero Trust himself, about the decade-overnight success of Zero Trust, how he got involved with the concept, and methods for navigating vendors wanting t...

22 Marras 202256min

Adopting Zero Trust with Chris Reinhold: Pen Testing Zero Trust

Adopting Zero Trust with Chris Reinhold: Pen Testing Zero Trust

This week we chatted with Chris Reinhold, Director of Innovation at Core BTS, a managed security service provider (MSSP) and IT consulting firm. We dig into the long-awaited answer to our previous cal...

10 Marras 202246min