Microsoft Takes Legal Action Against Internet Domain Who Stole Login Credentials for Azure OpenAI
Software giant Microsoft is opening up about a new lawsuit it filed against an internet domain. The group of hackers behind it managed to produce dangerous and offensive material through the company's Azure OpenAI platform.
The goal of these hackers was to bypass the security checks in place and misuse the image generator. This was laid out in the complaint the firm filed in a Virginia court against the accused group.
As per the filing, the group managed to steal sensitive login details that gave them complete access to DALL-E to produce material, bypassing the guardrails on the service. They then resold that access to other threat actors, along with details on how to use customized tools to produce harmful material and illegal content.
The software giant described how the hackers got access to Azure OpenAI via API keys. This was thanks to company clients located in New Jersey and Pennsylvania who fueled the AI generator through the de3u tool. The tool was previously available on GitHub before it was removed.
For now, no exact details on the type of offensive material produced have been shared. What is clear is that the tool was able to get past security checks by stopping Azure from revising prompts that featured certain key terms that trigger the content filter.
Microsoft also described how it noticed that many hackers took steps to cover their tracks. This included attempts to delete pages for the GitHub repository of the tool used. The company even found the creators of the de3u tool discussing the matter on different forums.
This might be another hint that the same group could try to outsmart the software giant again with another incident targeting its AI image generator. For now, the company has shared the news publicly in a blog post. It hopes to send a clear warning that any online actor who threatens its AI systems will not be spared.
It has even shared a list of countermeasures it has put in place, with guardrails intended to prevent any further attempts to use its products maliciously.