Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Any initial search for Zero Trust leads people to stumble upon technology associated with the concept, but this gives people the wrong impression and sets them off on the wrong foot in their adoption journey. Zero Trust is a concept and framework, not technology.
We are on a mission to give a stronger voice to practitioners and others who have been in these shoes, have begun adopting or implementing a Zero Trust strategy, and to share their experience and insight with peers while not influenced by vendor hype.
All content for Adopting Zero Trust is the property of Adopting Zero Trust and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Any initial search for Zero Trust leads people to stumble upon technology associated with the concept, but this gives people the wrong impression and sets them off on the wrong foot in their adoption journey. Zero Trust is a concept and framework, not technology.
We are on a mission to give a stronger voice to practitioners and others who have been in these shoes, have begun adopting or implementing a Zero Trust strategy, and to share their experience and insight with peers while not influenced by vendor hype.
Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics
Adopting Zero Trust
31 minutes
1 month ago
Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics
In this episode, we break down Whisper Leak, a newly disclosed side-channel issue affecting encrypted LLM communications. JBO explains how attackers can infer conversation topics using packet size and timing metadata without breaking encryption. The discussion covers how the research team discovered the issue, how vendors (including Microsoft and OpenAI) mitigated it, and what it means for the future of secure AI systems.
01:30 – What Whisper Leak Actually Is02:30 – Understanding Side-Channel Attacks04:00 – Why LLMs Are Uniquely Vulnerable08:00 – Stream Ciphers vs Block Ciphers13:30 – “Did You Break Encryption?” Clearing Up Misconceptions16:00 – Fixes & Mitigations Across LLM Vendors18:30 – Why Some Vendors Were More Vulnerable Than Others20:00 – Could High-End Adversaries Still Pull This Off?24:00 – How API Users Can Protect Themselves25:00 – Designing LLM Systems with Side Channels in Mind
Guests: Jonathan (JBO) Bar Or, Principal Security Researcher, Microsoft Threat Intelligence, who just joined CrowdStrike
Hosts: Elliot Volkman & Neal Dennis
Adopting Zero Trust
Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Any initial search for Zero Trust leads people to stumble upon technology associated with the concept, but this gives people the wrong impression and sets them off on the wrong foot in their adoption journey. Zero Trust is a concept and framework, not technology.
We are on a mission to give a stronger voice to practitioners and others who have been in these shoes, have begun adopting or implementing a Zero Trust strategy, and to share their experience and insight with peers while not influenced by vendor hype.
