Your AI Assistant has a Big Mouth: A New Side Channel Attack

Yisroel Mirsky

DEF CON 32 · Day 1 · Main Stage

In an era where Artificial Intelligence (AI) assistants like ChatGPT, Google Gemini, and Microsoft Copilot are becoming ubiquitous and handle increasingly sensitive personal and professional data, the expectation of privacy is paramount. This talk, presented by Yisroel Mirsky and his team from Ben-Gurion University, unveils a groundbreaking **side-channel attack** that shatters this expectation. Titled "Your AI Assistant has a Big Mouth," the research demonstrates how an adversary can infer the content of encrypted responses from these AI assistants merely by observing network traffic patterns.

AI review

Mirsky and his team have unearthed a truly novel side-channel attack that shatters the illusion of privacy in AI assistants. By observing unpadded, token-by-token network traffic, they've demonstrated how to infer the content of encrypted LLM responses, even leveraging another LLM for decryption. This isn't just a theoretical exercise; it's a practical, cost-effective method to reconstruct sensitive conversations, highlighting a critical architectural flaw that demands immediate attention from every major AI vendor. This research defines a new frontier in AI security and sets a high bar for…
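The following is an added illustration, not code from the talk or its authors, of why unpadded token-by-token streaming exposes token lengths and how padding or batching changes what an observer sees. It assumes a length-preserving cipher with a constant per-record overhead; the token split, the `OVERHEAD` value and all function names are constructed for the example.

```python
# Added illustration; token split, OVERHEAD and all names are constructed assumptions.
OVERHEAD = 29  # assumed constant bytes per record (framing + AEAD tag)
TOKENS = ["You", " should", " see", " a", " doctor", " about", " the", " rash", "."]


def record_sizes(tokens, mode, block=32, batch=4):
    """Sizes of the encrypted records an on-path observer would see.

    per_token: one record per token, no padding (the design the talk targets)
    padded:    one record per token, plaintext padded up to a multiple of block
    batched:   batch tokens joined into each record, no padding
    """
    if mode not in ("per_token", "padded", "batched"):
        raise ValueError(f"unknown mode: {mode}")
    chunks = tokens
    if mode == "batched":
        chunks = ["".join(tokens[i:i + batch]) for i in range(0, len(tokens), batch)]
    sizes = []
    for chunk in chunks:
        n = len(chunk.encode("utf-8"))
        if mode == "padded":
            n = -(-n // block) * block  # round up to the next block boundary
        # A length-preserving cipher adds only a constant to the plaintext length.
        sizes.append(n + OVERHEAD)
    return sizes


def observed_lengths(sizes, overhead=OVERHEAD):
    """What the observer learns: record size minus the known constant."""
    return [s - overhead for s in sizes]


def leaks_token_lengths(tokens, mode):
    """True if the observed sequence equals the true per-token byte lengths."""
    true_lengths = [len(t.encode("utf-8")) for t in tokens]
    return observed_lengths(record_sizes(tokens, mode)) == true_lengths


if __name__ == "__main__":
    for mode in ("per_token", "padded", "batched"):
        print(mode, observed_lengths(record_sizes(TOKENS, mode)),
              "leaks" if leaks_token_lengths(TOKENS, mode) else "hidden")
```

In this model, per-token padding still reveals how many tokens were sent, and batching still reveals the summed length of each group, so both reduce the leak rather than remove it.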
