Microsoft has now joined the growing ranks of legal claims bordering on what has been described as “Misuse of its AI services” by stealing and, thus, “piercing” critical safety measures on the platform. The 10 Doe defendants, unnamed in the suit, purportedly committed theft of user credentials and access to Microsoft Azure OpenAI.

API Key Theft and Unauthorized Access Services

As per Microsoft, the defendants systematically and through their deceitful acts stole API keys, the fundamental means of authentication to its AI services. The hacked accounts were allegedly pivotal in creating an act of “unauthorized access services” One main ingredient for that operation would be De3u, a software that enabled one to convert images synthesized by OpenAI’s DALL-E without the necessity of writing an actual code.

The company’s complaint also mentioned that De3u is preferable as it can bypass Azure OpenAI’s content moderation system hence making it possible to generate harmful and unauthorized content. Microsoft is alleging that the acts of the defendants have crossed both legitimate and illegitimate digital activities into violations of various statutes such as the Computer Fraud and Misuse Act and the Digital Millennium Copyright Act, as well as federal racketeering laws.

Microsoft’s Counteroffensive and Legal Action

Microsoft stated that the misuse of its API keys was discovered in July 2024, and steps were taken to remedy this situation. The company recently received court permission to take control of a domain central to the operations of the defendants, thereby allowing Microsoft to gather evidence and demolish the remaining technical infrastructure used in the scheme.

The company would also have to remove De3u’s entire repository from its GitHub and has instituted new security measures to safeguard its Azure OpenAI services.

Moving Forward

In addition to seeking damages, Microsoft is pursuing injunctive relief to prevent further misuse of its services. The tech giant emphasized its commitment to ensuring the integrity of its platforms and protecting its customers from malicious activities.

This lawsuit highlights the increasing challenges tech companies face in securing their AI platforms as they become more widely adopted across industries.