Microsoft accuses group of developing tool to abuse its AI service in new lawsuit

Microsoft sues over Azure OpenAI Service misuse via stolen API keys.

: Microsoft has filed a lawsuit against unnamed defendants for allegedly using stolen credentials and custom software to bypass Azure OpenAI Service safeguards. Microsoft accused the group of generating illicit content and unauthorized access, violating several laws including the Computer Fraud and Abuse Act. The defendants allegedly developed a tool named de3u to misuse API keys and generate content unethically, prompting Microsoft to seek legal and injunctive relief.

Microsoft has initiated legal proceedings against a group of unnamed defendants for allegedly using unauthorized tools to bypass protective measures in its Azure OpenAI Service. The defendants, referred to as 'Does' in the legal complaint, are accused of stealing customer credentials to access Microsoft's systems, contravening the Computer Fraud and Abuse Act, among other legal violations.

The misuse reportedly began after Microsoft discovered stolen API keys in July 2024, which were allegedly employed to produce inappropriate content that violates the service's policies. The group created a client-side tool, de3u, that facilitated unauthorized access and enabled the generation of images using DALL-E without adhering to required content controls.

In response, Microsoft has sought both injunctive relief and damages and has been granted authorization to seize a crucial website linked to the defendants. Through this legal action, Microsoft aims to dismantle the alleged 'hacking-as-a-service' operation, while implementing unspecified safety measures and counteractions to enhance its service's security.