Mitigating a token-length side-channel attack in our AI products

ID: 51e97ab5-2b8f-5b42-99f4-37204b4b0776

STIX ID: report--51e97ab5-2b8f-5b42-99f4-37204b4b0776

Feed Name: Cloudflare Blog

Threat Score: 35/100

Date Published: 2024-03-14

Date Updated: 2026-04-27

Author: Celso Martinho

Cloudflare describes a recently reported token-length side-channel attack on streaming LLM responses, where an on-path attacker can infer per-token lengths from encrypted packet sizes and partially reconstruct assistant outputs (researchers report ~29% reconstruction and ~55% topic inference). Cloudflare validated the research, found variability in real-world accuracy, and rolled out mitigations by adding random-length padding to streaming JSON responses in Workers AI and AI Gateway, automatically protecting customers; no malicious exploitation was observed.