By LBT Technology Group, LLC. on Friday, 08 November 2024
Category: Security

Vulnerabilities found in Microsoft Azure AI

Threat update

​Significant vulnerabilities in Microsoft's Azure AI Content Safety services have been discovered. These vulnerabilities enable attackers to bypass safeguards and deploy harmful AI-generated content.

Technical Detail and Additional Info

What is the threat?

​Attackers are using techniques such as 'Character Injection' and 'Adversarial ML Evasion', to exploit Azure AI Content Safety services.


Once the attacker bypasses both the AI Text Moderation and Prompt Shield guardrails, they can inject harmful content, manipulate the model's responses, or compromise sensitive information. This exposure challenges our perception of what it takes to create effective AI guardrails.

Why is it noteworthy?

​Azure AI Content Safety is a cloud-based service designed to assist developers in establishing safety and security guardrails for AI applications by identifying and managing inappropriate content. It employs advanced techniques to filter out harmful material, including hate speech and explicit or objectionable content. Azure OpenAI leverages a large language model (LLM) equipped with Prompt Shield and AI Text Moderation guardrails to validate inputs and AI-generated content. Many people rely on Microsoft's Azure AI Content Safety service for responsible AI behavior.

However, the two security vulnerabilities found within these guardrails, which are intended to protect AI models from jailbreaks and prompt injection attacks, means that attackers can bypass both the AI Text Moderation and Prompt Shield guardrails, allowing them to inject harmful content, manipulate the model's responses, or even compromise sensitive information.

What is the exposure or risk?

​These vulnerabilities mean that developers and users must be more careful of any harmful, inappropriate, or manipulated content appearing in their AI-generated outputs.

What are the recommendations?

 LBT Technology Group recommends the following actions to protect your environment against these vulnerabilities:

References

 For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact LBT's Sales Engineer.

Related Posts

Leave Comments