Microsoft Outs Hackers Behind Tools to Bypass Generative AI Guardrails
US and overseas hackers sold access to tools, which were then used to generate harmful content, Microsoft says.
Microsoft Corp. said it has identified US and overseas-based criminal hackers who bypassed guardrails on generative artificial intelligence tools — including the company’s Azure OpenAI services — to generate harmful content, including non-consensual intimate images of celebrities and other sexually explicit content.
The hackers scraped customer logins from public sources and used them to access generative AI services, including Azure OpenAI, the Microsoft cloud product that lets customers use OpenAI’s models, according to the company. The hackers then changed the capabilities of the AI products and sold access to other malicious groups, providing them with instructions on how to create harmful content.
The hackers identified by Microsoft are based in Iran, the UK, Hong Kong and Vietnam. They are allegedly part of a global cybercrime network that Microsoft calls Storm-2139. Two other members are located in Florida and Illinois, but Microsoft said it isn’t naming them to avoid derailing criminal investigations. The software maker said it’s preparing criminal referrals to US and foreign law enforcement.
The action comes as the growing popularity of generative AI tools fuels concerns about their misuse to generate fake explicit images of public figures and private individuals, as well as to create child sexual abuse material. Companies like Microsoft and OpenAI ban such behavior and take technological steps to block it, but malicious groups can still try to gain unauthorized access.