Are conversations with AI chatbots safe?Microsoft uncovers a serious flaw

Microsoft has issued a critical warning regarding a newly identified side-channel vulnerability that could expose the topics of conversations users have with AI chatbots such as ChatGPT or Gemini. Dubbed the "Whisper Leak," this flaw does not allow attackers to view entire conversations but enables them to discern the subject matter by analyzing patterns in the network traffic. In a detailed blog post, the tech giant highlighted the potential risks posed by this vulnerability, particularly in environments controlled by oppressive governments. It suggested that entities like Internet Service Providers (ISPs) or government agencies could track discussions on sensitive issues, including protests, banned topics, election processes, and journalism. Microsoft elaborated that this vulnerability could facilitate the monitoring of conversations regarding even more critical matters like money laundering or political dissent. The exploitation relies on the unique way AI chatbots generate responses. Unlike traditional methods, these chatbots produce answers incrementally, token by token, based on user inputs instead of delivering complete responses at once. Although interactions with these chatbots are encrypted, attackers who can access the encrypted data without being able to decrypt it can still analyze the patterns to infer discussion topics. "If a government agency or ISP were to observe traffic directed at a well-known AI chatbot, they could effectively identify users inquiring about specific sensitive subjects, despite the encryption, " Microsoft noted in its post. Researchers from Microsoft conducted simulations where they demonstrated that an attacker could monitor encrypted traffic without decrypting it. By training machine-learning models to function as an AI eavesdropper, they found that cybercriminals could achieve a striking accuracy rate of 100% in identifying sensitive topics, with 5-20% of conversations flagged as targets. The company's findings indicated that nearly all conversations categorized as suspicious by the attacker were indeed related to sensitive subjects, eliminating false positives. This high level of accuracy poses significant concerns, as it allows cybercriminals to operate with increased confidence, knowing they are not misallocating their resources. Microsoft cautioned that the threat could escalate over time as attackers gather more data and develop increasingly sophisticated models.