Hackers Can Read Private AI Assistant Chats Even Though They're Encrypted
Freeman writes:
AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps-mainly in the form of encrypting them-to prevent potential snoops from reading other people's interactions.
But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini.
[...] By carefully monitoring these sources, attackers can assemble enough information to recover encrypted keystrokes or encryption keys from CPUs, browser cookies from HTTPS traffic, or secrets from smartcards, The side channel used in this latest attack resides in tokens that AI assistants use when responding to a user query.
Read more of this story at SoylentNews.