Microsoft has initiated a legal battle against an unidentified group, alleging misuse of its cloud AI services. The tech bigwig alleges that the covert group employed tools designed to circumnavigate the security systems of its cloud AI offerings.
Court filings in the Eastern District of Virginia reveal the group supposedly deployed stolen client credentials and unique software to infiltrate Azure OpenAI Service. The service, operated by Microsoft, is fortified with technology from renowned AI manufacturer, OpenAI.
Microsoft claims that the clandestine group contravened various laws, including the Computer Fraud and Abuse Act, Digital Millennium Copyright Act, and federal racketeering provisions. The alleged offence included unauthorized access to Microsoft’s software and servers to produce unsolicited and damaging content, although the company did not disclose details about the offensive content.
The tech company seeks not only injunctive relief but also damages. According to the complaint, Microsoft uncovered in July 2024 that API keys, used to verify an app or user, were being employed to generate content in violation of the service’s acceptable use policy. Further investigation revealed the theft of these API keys from paying clients.
The defendants allegedly used stolen Azure OpenAI Service API keys to set up a ‘hacking-as-a-service’ model. To execute this, the group supposedly developed a tool named de3u. This tool would enable users to generate images using stolen API keys through DALL-E, an OpenAI model accessible to Azure OpenAI Service clients, without writing their own code.
On the other hand, Microsoft has confirmed that it has implemented countermeasures and introduced extra security mitigations for the Azure OpenAI Service to combat the activities it observed.
Original source: Read the full article on TechCrunch
