Side-Channel Attacks Against LLMs (www.schneier.com)

🤖 AI Summary
Recent research has demonstrated serious vulnerabilities in large language models (LLMs) through a series of side-channel attacks. These studies show how timing and metadata patterns can be exploited by adversaries to infer user prompts and reveal sensitive information, even when the data is encrypted. For instance, attackers can monitor network traffic to determine the topics of conversations, such as distinguishing between medical advice and technical support, achieving over 90% accuracy in real-world settings against popular LLMs including ChatGPT and Claude. Additionally, the Whisper Leak attack shows that even with encryption, information about user prompts can be inferred from packet size and timing, posing risks in privacy-critical applications like healthcare and legal services.

The significance of these findings is profound for the AI/ML community, as they raise critical questions about the security and privacy of models deployed in sensitive areas. The implications are especially concerning given the increasing reliance on LLMs for confidential communications. Researchers proposed several mitigations, such as packet padding and token aggregation, but none offered complete protection. As a result, LLM providers urgently need to strengthen their defenses against such vulnerabilities, ensuring user safety as these technologies continue to evolve and permeate various facets of daily life.
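The following is an added illustration, not code from the post or from the cited papers, of the leak mechanism the summary describes and of two of the mitigations it names. Token-by-token streaming produces one TLS record per token, so the encrypted payload sizes track token lengths; padding each record to a fixed block and aggregating several tokens per record removes that pattern. The two sample responses, the 64-byte block size and the batch size of four are constructed assumptions; timing (which the real attacks also use) is not modelled here.

```python
"""
Toy model of packet-size leakage from streamed LLM output and of the
padding / token-aggregation mitigations. All sample data is constructed.
"""
from collections import Counter
import math

# Constructed sample responses, pre-split into whitespace tokens. A real
# tokenizer yields subword pieces, but only the length pattern matters here.
RESPONSES = {
    "medical": "Take one tablet every eight hours with food and monitor for dizziness".split(),
    "technical": "Restart the daemon then check journalctl for authentication failures".split(),
}


def stream_packet_sizes(tokens, pad_to=1, batch=1):
    """Return the on-the-wire payload size of each record for a streamed response.

    pad_to: pad every record up to a multiple of this many bytes (1 = no padding).
    batch:  aggregate this many tokens per record before sending (1 = per token).
    Encryption adds a constant overhead per record, so it is omitted: it does not
    hide the size differences an eavesdropper observes.
    """
    sizes = []
    for i in range(0, len(tokens), batch):
        chunk = " ".join(tokens[i:i + batch]).encode("utf-8")
        padded = math.ceil(len(chunk) / pad_to) * pad_to  # round up to block boundary
        sizes.append(padded)
    return sizes


def size_entropy_bits(sizes):
    """Shannon entropy of the record-size distribution, a rough leak measure.
    Zero means every record has the same size, so sizes alone reveal nothing."""
    counts = Counter(sizes)
    n = len(sizes)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def size_profiles(responses, pad_to=1, batch=1):
    """Map each response label to its record-size sequence under the given settings."""
    return {label: stream_packet_sizes(toks, pad_to, batch) for label, toks in responses.items()}


def distinguishable(responses, pad_to=1, batch=1):
    """True if an observer seeing only record sizes could tell the responses apart."""
    seqs = list(size_profiles(responses, pad_to, batch).values())
    return any(a != b for a in seqs for b in seqs)


if __name__ == "__main__":
    for label, settings in [("no mitigation", dict()),
                            ("pad to 64 B, 4 tokens/record", dict(pad_to=64, batch=4))]:
        profiles = size_profiles(RESPONSES, **settings)
        print(f"== {label} ==")
        for name, sizes in profiles.items():
            print(f"  {name:10s} sizes={sizes} entropy={size_entropy_bits(sizes):.2f} bits")
        print(f"  distinguishable by size: {distinguishable(RESPONSES, **settings)}")
```

Without mitigation the size sequence is exactly the token-length sequence, which is what a classifier trained on topic-specific traffic keys on. With padding plus aggregation both constructed responses collapse to three 64-byte records, so size entropy drops to zero, at the cost of extra bandwidth and slightly delayed streaming; the total number of records and the inter-record timing can still differ, which is why the summary notes that no single mitigation is complete.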