Researchers Reveal LLM Side-Channel Exfiltration Methods
On February 17, 2026, researchers published three papers demonstrating side-channel attacks that infer user prompts and extract data from encrypted LLM traffic and speculative decoding. Across open-source and production systems they report classification/identification accuracies of 75–99% and over 98% AUPRC, recover 5–20% of target conversations, and exfiltrate datastore tokens at rates exceeding 25 tokens/sec. They evaluate mitigations like padding and batching, but none fully eliminate leakage.
Key Points
- 1Show timing and packet-size side-channels infer user prompts with 75–98% accuracy.
- 2Reveal production systems leak datastore contents and PII through speculative decoding and boosting attacks.
- 3Advise packet padding, token batching, and injection mitigations, noting none fully prevents metadata leakage.
Scoring Rationale
Strong academic demonstrations across production LLMs justify high impact, despite mitigations proving partial and not fully protective.
Sources
Public references used for this report.
Practice with real Logistics & Shipping data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Logistics & Shipping problems

