Microsoft identifies developers it says evaded AI guardrails
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Natalie Peeples/Axios
Microsoft has updated a lawsuit to name four developers it says were part of an effort to evade its generative AI guardrails and enable the creation of celebrity deepfakes, among other things.
Why it matters: While Microsoft and others have established systems designed to prevent misuse of generative AI, those protections only work when the technological and legal systems can effectively enforce them.
Driving the news: Microsoft named four developers it says are part of the Storm-2139 global cybercrime network: Arian Yadegarnia aka "Fiz" of Iran; Alan Krysiak aka "Drago" of the United Kingdom; Ricky Yuen aka "cg-dot" of Hong Kong and Phát Phùng Tấn aka "Asakuri" of Vietnam.
- Microsoft said that members of Storm-2139 used compromised customer credentials to hack accounts with access to generative AI services and then bypassed the tools' safety guardrails.
- The individuals then sold access to the accounts, along with "detailed instructions on how to generate harmful and illicit content, including non-consensual intimate images of celebrities and other sexually explicit content."
- Microsoft initially filed suit in December, listing defendants as "John Does" at the time. The lawsuit was unsealed in January, at which time Microsoft spoke out publicly.
What they're saying: "We are pursuing this legal action now against identified defendants to stop their conduct, to continue to dismantle their illicit operation, and to deter others intent on weaponizing our AI technology," Microsoft said in a blog post on Thursday.
The intrigue: Microsoft said the four named defendants aren't the only participants in the scheme it has identified.
- "While we have identified two actors located in the United States — specifically, in Illinois and Florida — those identities remain undisclosed to avoid interfering with potential criminal investigations," the company said. "Microsoft is preparing criminal referrals to United States and foreign law enforcement representatives."
Between the lines: Microsoft said a court order allowing the company to seize a "website instrumental to the criminal operation," helped both disrupt the scheme and uncover its participants.
- "The seizure of this website and subsequent unsealing of the legal filings in January generated an immediate reaction from actors, in some cases causing group members to turn on and point fingers at one another."
Yes, but: Microsoft said it also led to the "doxxing" of its lawyers, including the posting of names, personal information, and in some instances, their photographs.
