Schneier on Security

Three academic papers reveal side-channel vulnerabilities in LLM systems that leak sensitive information through timing patterns and network traffic metadata. Attackers can infer conversation topics with 90%+ accuracy, distinguish specific messages, recover PII like phone numbers, and fingerprint user queries—even through TLS encryption—by analyzing packet sizes and response timing. The attacks exploit efficiency optimizations like speculative decoding and affect major production systems including ChatGPT and Claude. Proposed mitigations like padding and token batching reduce but don't eliminate the threat.