This work identifies a critical subspace information leakage vulnerability in the singular value decomposition (SVD)-based matrix transmission protocol of the Euston secure inference framework. The leakage stems from the random masks employed during SVD compression, which fail to fully obscure the subspace structure of the input data. To exploit this flaw, we propose the first privacy attack that efficiently reconstructs users’ private inputs using only the leaked subspace information. Experimental evaluations on both image and language datasets demonstrate that our method successfully recovers original samples with high fidelity, thereby revealing a fundamental privacy weakness introduced by Euston’s bandwidth-optimization design. These findings underscore significant security risks that may arise when deploying the protocol in real-world applications.

In the 47th IEEE Symposium on Security and Privacy (IEEE S&P 2026), Gao et al. proposed an efficient and user-friendly secure transformer inference framework, namely Euston. In Euston, a singular value decomposition-based matrix transmission protocol is designed to efficiently transmit input matrices, reducing communication bandwidth by approximately 2.8 times. In this manuscript, we show that this transmission protocol introduces subspace leakage of random masks, enabling the model owner to recover private samples easily. We further validate the effectiveness of the recovery attack through simple experiments on image and language datasets, highlighting a fundamental privacy risk of the protocol design.