Skip to content
AI

Why can someone watching my encrypted LLM traffic still infer what I asked?

79

الفرصة

Whisper Leak, disclosed in late 2025, demonstrated that analyzing packet timing and size patterns in encrypted streaming LLM responses classifies prompt topics with greater than 98% precision across 28 major providers. Some providers including OpenAI and Mistral deployed fixes, but those mitigations address token-length patterns only. A separate attack exploits speculative decoding: the number of tokens accepted per decoding step varies with output content, and that signal leaks through even padded connections because padding does not eliminate the acceptance-rate fluctuation. Proposed defenses such as token batching reduce attack accuracy by 50% but do not eliminate it, and random padding imposes up to 8.7x payload overhead with residual leakage. No provider has shipped a complete mitigation for the speculative decoding variant.

لماذا تهم

Any user querying a streaming LLM from a network that logs traffic is leaking the topic of their query regardless of TLS encryption, including users who believe they are communicating privately with a medical, legal, or financial assistant.

كيف أقيّم الفرصة

نقاط الفرصة هي قراءتي الشخصية لا قياس دقيق: مدى تأثير المشكلة، وتكرار مواجهتها، وشُح الحلول المتاحة لها اليوم. كلما ارتفعت النقاط، كان البناء في رأيي أجدر بالاهتمام.

الحدّة8/10

مقدار الألم الذي تسببه حين تظهر.

التكرار8/10

مدى تكرار مواجهة الناس لها فعلياً.

الفراغ السوقي8/10

مدى شُح الأدوات الجيدة المتاحة لها اليوم.

مزيد من المشكلات التي تستحق الحل