Researchers Uncover Method to Hack AI Assistants by Exploiting Response Lengths
- Researchers discovered a way to circumvent encryption and read private AI assistant chats by exploiting a token-length side channel that reveals the lengths of streamed responses.
- The attack let researchers accurately reconstruct 29% of AI assistant responses and infer the topic of 55% of them.
- The method uses a language model to translate intercepted token-length sequences into text, applies conversational context to narrow the possibilities, and fine-tunes on the target assistant's writing style.
- The attack represents the first known use of generative AI to perform a side-channel attack.
- Adding random padding to messages mitigates the vulnerability by hiding the actual token lengths.
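To see why response lengths leak at all, consider a minimal sketch: many assistants stream each token in its own encrypted packet, and because encryption preserves payload length, an eavesdropper can recover per-token character counts from ciphertext sizes alone. The fixed per-packet overhead value below is a hypothetical assumption for illustration, not a measured constant.

```python
# Hypothetical illustration of the token-length side channel: if each
# streamed token travels in its own encrypted packet, and the cipher
# preserves payload length, observed packet sizes reveal token lengths.

HEADER_OVERHEAD = 24  # assumed fixed framing overhead per packet (bytes)

def token_lengths(packet_sizes):
    """Recover each streamed token's length from observed packet sizes."""
    return [size - HEADER_OVERHEAD for size in packet_sizes]

# A network observer sees only ciphertext sizes, never plaintext:
observed = [26, 29, 27, 32]  # captured packet sizes in bytes (example data)
print(token_lengths(observed))  # → [2, 5, 3, 8], one entry per token
```

A sequence of lengths like this is the input the researchers' fine-tuned language model translates back into candidate text.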
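The random-padding mitigation can be sketched as follows: appending a random number of bytes to each message before encryption decouples ciphertext size from the true token length. The length-prefix framing and `MAX_PAD` bound here are illustrative choices, not the vendors' actual scheme.

```python
import secrets

MAX_PAD = 32  # assumed upper bound on random padding (illustrative)

def pad_message(payload: bytes) -> bytes:
    """Prepend a pad-length byte and append that many random bytes,
    so ciphertext size no longer reveals the true payload length."""
    pad_len = secrets.randbelow(MAX_PAD) + 1  # 1..MAX_PAD random bytes
    return bytes([pad_len]) + payload + secrets.token_bytes(pad_len)

def unpad_message(padded: bytes) -> bytes:
    """Recover the original payload using the pad-length prefix."""
    pad_len = padded[0]
    return padded[1:-pad_len]

# Identical tokens now produce differently sized messages on the wire,
# while the recipient can still strip the padding exactly.
msg = pad_message(b"hello")
assert unpad_message(msg) == b"hello"
```

The trade-off is bandwidth: every message grows by up to `MAX_PAD + 1` bytes in exchange for hiding the length signal.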