Microsoft Details “Whisper Leak” Vulnerability That Could Expose Encypted AI Chat

It turns out even encrypted AI chats might not be as private as you think. Microsoft security researchers have now detailed a vulnerability, dubbed “Whisper Leak,” that could let attackers guess what users are talking about with AI chatbots via Transport Layer Security (TLS). What’s scary is that attackers don’t even need to decrypt a single message.

Per the detailed report, AI assistants from OpenAI, Mistral, xAI, and DeepSeek were all vulnerable to this side-channel attack. Here’s how it works. While AI chats remain encrypted, the size and rhythm of data packets exchanged between a user and a chatbot can reveal conversation topics.

In other words, attackers could study the “pattern” of your chat traffic to make a remarkably accurate guess about what you’re discussing. The issue traces back to how modern AI chatbots stream responses word by word to mimic natural human conversation.

Well, this live-streaming behavior creates a data pattern that can be measured and, with enough samples, interpreted. In Microsoft’s tests, AI models trained on traffic data could infer topics with over 98% accuracy. What’s worse is that the accuracy improves over time. As attackers monitor more conversations, their systems learn and adapt. In short, the future guesses are even more accurate.

Fortunately, Microsoft says that all the companies have been made aware of the vulnerability and have already patched it. OpenAI, Microsoft, and Mistral have implemented “data padding.” For those unaware, that’s small bits of random text to disrupt these detectable patterns. Think of it as adding static to a radio signal. While you can still hear the message, outsiders can’t easily analyze it.

From the users’ point of view, Microsoft recommends joining trusted networks, using a VPN, and avoiding sensitive discussions over public Wi-Fi. You can read all the technical details here.