Microsoft Accuses Hackers of Illegally Accessing Servers to Produce Dangerous AI Content

According to Tech Crunch, Microsoft has initiated a lawsuit against 10 unidentified defendants.

This action, lodged in the US District Court for the Eastern District of Virginia, accuses the group of bypassing safety measures in its Azure OpenAI Service, leading to the creation of inappropriate and illegal content.

Microsoft’s charges encompass violations of the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, and federal racketeering law.

The issue came to light when Microsoft detected misuse of the Azure OpenAI Service API keys last July.

These keys, which are essential for user authentication, were reportedly stolen from legitimate users.

The theft of these API keys seems to be part of a broader scheme involving the defendants.

Microsoft’s investigation suggests that these activities were likely aimed at developing a hacking-as-a-service product.

The accused have allegedly created a tool known as de3u, which not only steals API keys but also enables communication with Microsoft servers to bypass content restrictions.

Interestingly, de3u has capabilities that allow it to evade Azure OpenAI Services’ built-in content filters and modify user prompts.

This functionality enabled the generation of content and images through platforms like DALL-E, which normally wouldn’t be permitted under Microsoft’s guidelines.

In response to these infractions, Microsoft swiftly had a Github repository linked to these activities taken offline and secured a court order to seize a website connected to the defendants’ operations.

This decisive action underlines Microsoft’s commitment to maintaining the safety and integrity of its services against malicious exploits.