Microsoft on November 8, 2025, revealed a new security vulnerability dubbed 'Whisper Leak,' a side-channel attack capable of identifying the topics of AI chat conversations even through encrypted traffic. The attack analyzes the size and timing of data packets sent between a user and a large language model in streaming mode to infer the subject matter, posing a potential privacy risk for users and enterprises discussing sensitive topics on untrusted networks. According to Microsoft, an attacker positioned to observe network traffic, such as over a public Wi-Fi network or at an internet service provider level, could use this method to determine if a conversation pertains to a specific monitored subject. The research found that models from OpenAI, Mistral, and xAI were also susceptible. There has been no significant market reaction reported in the available financial news. In a coordinated effort, Microsoft, along with other affected AI companies like OpenAI and Mistral, has already implemented countermeasures to address the vulnerability. The primary mitigation involves adding random data to obscure the length of message tokens, effectively neutralizing this side-channel attack vector. Microsoft is also advising users to utilize VPNs on untrusted networks for an added layer of security.