LeftoverLocals: Listening to LLM responses through leaked GPU local memory

By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU […]

amd apple applications data gpu gpus leaked listening llm llms local machine learning memory posture process qualcomm recovery security security posture tyler vulnerability vulnerability disclosure