Microsoft sues hackers over AI security breach

Stolen API keys were allegedly used to exploit Microsoft’s AI tools and evade content filters.

Microsoft, AI, lawsuit, Azure, OpenAI

Microsoft has taken legal action against a group accused of bypassing security measures in its Azure OpenAI Service. A lawsuit filed in December alleges that the unnamed defendants stole customer API keys to gain unauthorised access and generate content that violated Microsoft’s policies. The company claims the group used stolen credentials to develop hacking tools, including software named de3u, which allowed users to exploit OpenAI’s DALL-E image generator while evading content moderation filters.

An investigation found that the stolen API keys were used to operate an illicit hacking service. Microsoft alleges the group engaged in systematic credential theft, using custom-built software to process and route unauthorised requests through its cloud AI platform. The company has also taken steps to dismantle the group’s technical infrastructure, including seizing a website linked to the operation.

Court-authorised actions have enabled Microsoft to gather further evidence and disrupt the scheme. The company says additional security measures have been implemented to prevent similar breaches, though specific details were not disclosed. While the case unfolds, Microsoft remains focused on strengthening its AI security protocols.