Microsoft has revealed a significant security vulnerability dubbed 'Whisper Leak' that affects most server-based AI chatbots, including popular platforms like ChatGPT and Gemini. This discovery raises concerns about the privacy and security of conversations with AI assistants.

The Whisper Leak Vulnerability

The Whisper Leak vulnerability exploits metadata in network traffic, which remains visible even when messages are encrypted with Transport Layer Security (TLS). While this flaw doesn't break the encryption itself, it potentially allows various entities to identify the topics of conversations users have with AI chatbots.

Who Could Exploit This Vulnerability?

According to Microsoft's disclosure, the following groups could potentially exploit the Whisper Leak vulnerability:

• Internet Service Providers (ISPs)
• Government agencies
• Users on the same Wi-Fi network

Accuracy and Impact

Microsoft researchers have found that the vulnerability could allow attackers to:

• Identify target conversations with 100% accuracy in many tested models
• Catch between 5% to 50% of conversations

This level of accuracy is concerning, as it could compromise user privacy and potentially reveal sensitive information discussed with AI chatbots.

Mitigation Efforts

Microsoft has taken responsible steps to address this vulnerability:

• Engaged in responsible disclosures with affected vendors
• Worked with major AI companies to implement protective measures

Several prominent AI companies have already deployed protective measures, including:

• OpenAI
• Mistral
• xAI
• Microsoft Azure

Recommendations for Users

To protect themselves from potential exploitation of the Whisper Leak vulnerability, Microsoft advises users to:

1. Avoid discussing sensitive topics on untrusted networks
2. Use Virtual Private Networks (VPNs) when accessing AI chatbots
3. Choose providers that have implemented security mitigations
4. Opt for non-streaming language models when possible

Implications for AI Security

The discovery of the Whisper Leak vulnerability highlights the ongoing challenges in securing AI technologies. As AI chatbots become more prevalent in both personal and professional settings, ensuring the privacy and security of user interactions will be crucial for maintaining trust in these systems.

This revelation serves as a reminder that while AI technologies offer tremendous benefits, they also introduce new security considerations that must be continuously addressed by developers, companies, and users alike.

Microsoft has agreed to refund Australian customers who were charged higher fees for Microsoft 365 subscriptions following price increases related to the integration of Copilot AI features. This decision comes in the wake of legal proceedings initiated by the Australian Competition and Consumer Commission (ACCC), which alleged that Microsoft misled approximately 2.7 million users by concealing cheaper subscription options.

The Pricing Controversy

The tech giant faced criticism for its handling of pricing changes introduced in October 2024. According to the ACCC, Microsoft failed to adequately inform users about lower-cost alternatives that didn't include the new AI capabilities. In response to the allegations, Microsoft has acknowledged that it could have communicated the pricing changes more clearly.

Microsoft's Response and Refund Offer

Microsoft has taken steps to address the situation:

1. Apology: The company has issued an apology for the lack of clarity in its communication.
2. Refund Program: Eligible subscribers will be offered refunds if they wish to switch to lower-priced plans without AI features.
3. Justification: Microsoft stated that the addition of AI capabilities to Microsoft 365 Personal and Family subscriptions was in response to user demand for advanced AI tools.

Impact on Customers

This development highlights the growing importance of AI in consumer software products and the challenges companies face in balancing feature additions with pricing strategies. It also underscores the role of consumer protection agencies in ensuring fair practices in the tech industry.

Australian customers of Microsoft 365 should look out for communications regarding their eligibility for refunds and options to switch to lower-priced plans if desired.