{"id":1304,"date":"2025-01-14T05:05:02","date_gmt":"2025-01-14T05:05:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/01\/14\/microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme-html\/"},"modified":"2025-01-14T05:05:02","modified_gmt":"2025-01-14T05:05:02","slug":"microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/01\/14\/microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme-html\/","title":{"rendered":"Microsoft Takes Legal Action Against AI \u201cHacking as a Service\u201d Scheme"},"content":{"rendered":"\n<div>Microsoft Takes Legal Action Against AI \u201cHacking as a Service\u201d Scheme<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Not sure this will matter in the end, but it\u2019s a <a href=\"https:\/\/arstechnica.com\/security\/2025\/01\/microsoft-sues-service-for-creating-illicit-content-with-its-ai-platform\/\">positive move<\/a>:<\/p>\n<blockquote>\n<p>Microsoft is accusing three individuals of running a \u201chacking-as-a-service\u201d scheme that was designed to allow the creation of harmful and illicit content using the company\u2019s platform for AI-generated content.<\/p>\n<p>The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2025\/01\/10\/taking-legal-action-to-protect-the-public-from-abusive-ai-generated-content\/\">said<\/a> Steven Masada, the assistant general counsel for Microsoft\u2019s Digital Crimes Unit. They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use.<\/p>\n<\/blockquote>\n<p>It was a sophisticated scheme:<\/p>\n<blockquote>\n<p>The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft\u2019s AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company\u2019s Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them.<\/p>\n<\/blockquote>\n<p>Slashdot <a href=\"https:\/\/yro.slashdot.org\/story\/25\/01\/11\/073210\/foreign-cybercriminals-bypassed-microsofts-ai-guardrails-lawsuit-alleges\">thread<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bruce Schneier<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/01\/microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme.html\">Go to bruce schneier<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Takes Legal Action Against AI \u201cHacking as a Service\u201d Scheme Not sure this will matter in the end, but it\u2019s a positive move: Microsoft is accusing three individuals of running a \u201chacking-as-a-service\u201d scheme that was designed to allow the creation of harmful and illicit content using the company\u2019s platform for AI-generated content. The foreign-based [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[167,57,97,268,158,1],"tags":[87],"class_list":["post-1304","post","type-post","status-publish","format-standard","hentry","category-ai","category-bruce-schneier","category-hacking","category-llm","category-microsoft","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1304"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=1304"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1304\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=1304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=1304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=1304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}