The Technology section is published with the support of Favbet Tech
A Microsoft engineer claims that OpenAI's DALL-E 3 has security vulnerabilities that could allow users to generate violent or explicit images (like those recently targeted at Taylor Swift). However, the company's legal department blocked attempts by Microsoft engineering leader Shane Jones to warn the public about this vulnerability. The “Whistleblower,” as he calls himself, is now taking his message to Capitol Hill (US Senate).
I have concluded that DALL-E 3 poses a threat to public safety and should be removed from public access until OpenAI addresses the risks associated with this model.< /p>
— Jones wrote to US Senators Patty Murray (D-WA) and Maria Cantwell (D-WA), Representative Adam Smith (D-WA 9th District) and the Attorney General Washington State Bob Ferguson (D).
Jones claims that in early December he discovered an exploit that could bypass DALL-E 3's security systems. He says he reported the issue to his management at Microsoft, who instructed him to “personally report the issue directly to OpenAI.” He then claims to have learned that the flaw could allow the generation of “violent and disturbing malicious images,” reports Engadget.
Jones then tried to raise public awareness of his problem in a post on LinkedIn. “On the morning of December 14, 2023, I publicly posted a letter on LinkedIn to the OpenAI board of directors calling for the suspension of access to DALL-E 3),” Jones wrote. “Because Microsoft is an observer on the OpenAI board of directors and I previously shared my concerns with my management team, I immediately notified Microsoft of the letter I published.”
Shortly after I disclosed the letter to my management, my manager contacted me and informed me that Microsoft Legal had requested that I remove the post. He told me that Microsoft's legal department would be emailing specific reasons for the removal request very soon, and that I should remove it immediately without waiting for an email from the lawyer.
—he wrote in his letter.
Vacancies
Journalist, author of stories about IT, business and people in MC.today MC.today
Customer Success Manager Go Interactive
Senior Strong Python Engineer Impressit, Lviv, salary 6000
QA Engineer WhiteBIT
Jones complied with the request, but, according to him, a more detailed response was never received from Microsoft's legal department. “I never received any explanation or justification from them.” Further attempts to learn more from the company's legal department were ignored. “Microsoft Legal has yet to respond or contact me directly.”
An OpenAI spokesperson wrote to Engadget in an email:
Python course. This programming varies from basic concepts to complex concepts in the spheres of individual intelligence. After completing the course, you are guaranteed to get a job in IT. More about the course
We immediately investigated the Microsoft employee's report when we received it on December 1 and confirmed that the method he shared did not bypass our security systems. Safety is our priority and we take a multifaceted approach. At the core of the DALL-E 3 model, we worked to filter out the most explicit content from training data, including graphic sexual content and violence, and developed robust image classifiers that prevent the model from generating malicious images.
We have also implemented additional security measures for our products, ChatGPT and DALL-E API, including rejecting requests that ask for the name of a public person. We detect and reject messages that violate our policies and filter all generated images before they are shown to the user. We use external teams of experts to check for abuse and strengthen our guarantees.
Meanwhile, a Microsoft spokesperson responded: “We are committed to addressing all employee concerns in accordance with our company policy, and value employee efforts in learning and testing our latest technologies to further improve their security. With respect to security bypasses or issues that may have a potential impact on our services or our partners, we have established robust internal reporting channels to properly investigate and resolve any issues that we have advised employees to use so that we can properly review their concerns before talk about it publicly.”
According to a whistleblower, the Taylor Swift porn fakes that have spread to X are one illustration of what such vulnerabilities can lead to if left unchecked.
Microsoft was aware of these vulnerabilities and the potential for abuse.
—Jones summed up.
Jones calls on representatives in Washington to take action. He proposes that the US government create a system for reporting and tracking specific AI vulnerabilities, while protecting employees who speak up:
We must hold companies accountable for the safety of their products. Concerned workers like me should not be bullied into silence.
The Technology section is published with the support of Favbet Tech
Favbet Tech is IT a company with 100% Ukrainian DNA, which creates perfect services for iGaming and Betting using advanced technologies and provides access to them. Favbet Tech develops innovative software through a complex multi-component platform that can withstand enormous loads and create a unique experience for players. The IT company is part of the FAVBET group of companies.