The Technology section is powered by Favbet Tech
A Microsoft engineer claims that OpenAI’s DALL-E 3 has security vulnerabilities that could allow users to generate violent or explicit images (similar to those recently targeted at Taylor Swift). However, the company’s legal department blocked attempts by Microsoft engineering leader Shane Jones to warn the public about this vulnerability. The “whistleblower,” as he calls himself, is now taking his message to Capitol Hill (US Senate).
I have concluded that DALL-E 3 poses a threat to public safety and should be removed from public access until OpenAI addresses the risks associated with this model.
Jones wrote to U.S. Sens. Patty Murray (D-WA) and Maria Cantwell (D-WA), Rep. Adam Smith (D-WA 9th District) and Washington State Attorney General Bob Ferguson (D).
Jones claims that in early December he discovered an exploit that bypasses DALL-E 3’s security systems. He says he reported the issue to his Microsoft management, who instructed him to “personally report the issue directly to OpenAI.” Afterward, he claims to have learned that the flaw could allow the generation of “violent and disturbing malicious images,” Engadget reports.
Jones then tried to draw public attention to his problem in a LinkedIn post. “On the morning of December 14, 2023, I publicly posted a letter on LinkedIn to the OpenAI Board of Directors calling for the suspension of access to DALL-E 3),” Jones wrote. “Because Microsoft is an observer on OpenAI’s board of directors, and I had previously shared my concerns with my leadership team, I immediately notified Microsoft of the letter I published.”
Shortly after I disclosed the letter to my management, my manager contacted me to say that Microsoft’s legal department had requested that I remove the post. He told me that Microsoft’s legal department would email me very soon with the specific rationale for the removal request, and that I should remove it immediately without waiting for an email from a lawyer.
he wrote in his letter.
Jones complied with the request, but he said he never received a detailed response from Microsoft’s legal department. “I never got any explanation or excuse from them.” Further attempts to learn more from the company’s legal department were ignored. “Microsoft’s legal department has still not responded or contacted me directly.”
An OpenAI representative wrote to Engadget in an email:
We immediately investigated the Microsoft employee’s report when we received it on December 1st and confirmed that the method he shared did not bypass our security systems. Safety is our priority and we take a multi-pronged approach. At the heart of the DALL-E 3 model, we worked to filter out the most explicit content from the training data, including graphic content of a sexual nature and violence, and developed robust image classifiers that prevent the model from generating harmful images.
We have also implemented additional security measures for our products, ChatGPT and DALL-E API – including rejecting requests that ask for the name of a public person. We detect and reject messages that violate our policies and filter all generated images before they are shown to the user. We use external expert teams to check for abuse and strengthen our safeguards.
Meanwhile, a Microsoft spokesperson responded: “We are committed to addressing all issues raised by employees in accordance with our company policy, and we appreciate the efforts of employees in learning and testing our latest technologies to further improve their security. For security bypasses or issues that may have a potential impact on our services or our partners, we have established robust internal reporting channels to properly investigate and remediate any issues that we have advised employees to use so that we can properly investigate his concerns before than to talk about it publicly.’
According to the whistleblower, the fake Taylor Swift porn that spread in X is one illustration of what such vulnerabilities can lead to if left unchecked.
Microsoft was aware of these vulnerabilities and the potential for abuse.
Jones concluded.
Jones is calling on representatives in Washington to take action. He suggests the US government create a system for reporting and tracking specific AI vulnerabilities, while protecting employees who speak up:
We need to hold companies accountable for the safety of their products. Concerned workers like myself should not be bullied into silence.
X/Twitter has unblocked Taylor Swift from search — after being temporarily restricted by a flood of porn dipfakes
The Technology section is powered by Favbet Tech
Favbet Tech is an IT company with 100% Ukrainian DNA, which creates perfect services for iGaming and Betting using advanced technologies and provides access to them. Favbet Tech develops innovative software through a complex multi-component platform capable of withstanding huge loads and creating a unique experience for players. The IT company is part of the FAVBET group of companies.
