🤖 AI Summary
Although quantum circuit cutting extends the computational capabilities of near-term quantum devices, it introduces metadata side-channel risks: a semi-honest cloud provider can infer sensitive information—such as algorithm class, cutting strategy, and Hamiltonian structure—by observing metadata like fragment width, depth, and two-qubit gate count. This work presents the first formal analysis of this leakage, demonstrating that circuit cutting is not confidentiality-neutral and elevating metadata security to a first-class concern in quantum cloud systems. Leveraging machine learning classification, we conduct a generalized evaluation across diverse hardware topologies and algorithm families. Experiments on 1,200 circuit fragments achieve identification accuracies of 0.960 (AUC 0.999) for algorithm family, 0.847 (AUC 0.924) for cutting mechanism, and 0.960 (AUC 0.998) for Hamiltonian k-locality, confirming the severity of the leakage.
📝 Abstract
Quantum circuit cutting enables near-term quantum devices to execute workloads exceeding their qubit capacity by decomposing circuits into independently runnable fragments. While this extends computational reach, it creates a previously unexplored confidentiality surface: the fragment-level execution transcript observable by a semi-honest cloud provider. We formalise this surface and demonstrate that post-cut transcripts constitute a practical metadata side channel. Operating solely on provider-visible compiled circuit metadata (fragment width, depth, and two-qubit gate count), we evaluate a structured inference attack across six classification objectives spanning algorithm identity, cut mechanism, and coarse Hamiltonian structure. Our corpus comprises 1,200 circuit fragments across eight algorithm families transpiled against three hardware topologies. It is validated on a 156-qubit production quantum computer, confirming that QPU execution time remains invariant across a 25x variation in compiled depth. Under strict instance-disjoint generalisation, our attack recovers algorithm family with 0.960 accuracy (AUC 0.999), cut mechanism with 0.847 accuracy (AUC 0.924), and Hamiltonian k-locality with 0.960 accuracy (AUC 0.998). Connectivity and geometry inference achieve AUCs of 0.986 and 0.942, respectively, with strong stability under size-holdout. Topology inference remains above chance (AUC 0.666). A matched-footprint control and ablation study confirm that leakage is structure-dominated and not explained by scale artefacts. These results demonstrate that circuit cutting is not confidentiality-neutral and that metadata leakage should be treated as a first-class security concern in quantum cloud systems.