Microsoft accuses group of developing tool to abuse its AI service in new lawsuit
Microsoft sues over Azure OpenAI Service misuse via stolen API keys.
Microsoft has initiated legal proceedings against a group of unnamed defendants for allegedly using unauthorized tools to bypass protective measures in its Azure OpenAI Service. The defendants, referred to as 'Does' in the legal complaint, are accused of stealing customer credentials to access Microsoft's systems, contravening the Computer Fraud and Abuse Act, among other legal violations.
The misuse reportedly began after Microsoft discovered stolen API keys in July 2024, which were allegedly employed to produce inappropriate content that violates the service's policies. The group created a client-side tool, de3u, that facilitated unauthorized access and enabled the generation of images using DALL-E without adhering to required content controls.
In response, Microsoft has sought both injunctive relief and damages and has been granted authorization to seize a crucial website linked to the defendants. Through this legal action, Microsoft aims to dismantle the alleged 'hacking-as-a-service' operation, while implementing unspecified safety measures and counteractions to enhance its service's security.