Microsoft defends against alleged misuse of AI services

The technology giant Microsoft has taken legal action to proceed against a group that, according to the company, has deliberately developed and used tools to circumvent the security measures of its cloud AI products. In a complaint filed in December in the U.S. District Court for the Eastern District of Virginia, Microsoft alleges that a group of ten unnamed defendants, referred to as "Does," used stolen customer data and custom-developed software to infiltrate the Azure OpenAI Service. The complaint indicates that the defendants allegedly violated several U.S. laws, including the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act. Microsoft's programs and servers were reportedly used to generate "objectionable" as well as "harmful and unauthorized content." Specific details about the content have not been disclosed. Microsoft is seeking a preliminary injunction and other equitable and compensatory measures from the courts. The company discovered in July 2024 that customer API keys for Azure OpenAI Services, particularly those used for application authentication, were being misused to generate content that violated the service's usage policies. Investigations revealed that the API keys had been stolen from paying customers. The alleged perpetrators are said to have established a "hacking-as-a-service" scheme, according to Microsoft. A client software they developed, called de3u, reportedly enabled the use of stolen API keys to generate images with DALL-E, a model from OpenAI. A GitHub repository containing the source code for the de3u project – with GitHub being part of Microsoft – is currently inaccessible. In a recently published blog post, Microsoft states that the court has authorized the company to seize a website crucial to the defendants' operations. Microsoft plans to gather evidence, better understand the alleged service, and disrupt additional technical infrastructures. Furthermore, unspecified countermeasures and additional security precautions have been implemented in the Azure OpenAI Service.