Shane Jones, a manager in Microsoft’s software engineering department, recently uncovered a vulnerability in OpenAI’s DALL-E 3 model, renowned for generating text-based images. This flaw enables the model to bypass AI Guardrails, generating inappropriate NSFW content. Despite reporting the issue internally, Jones faced a “Gagging Order” from Microsoft, preventing him from disclosing the vulnerability. In defiance, Jones publicly shared the information, citing concerns about potential security risks.
Jones discovered the vulnerability during independent research in December and promptly reported it to both Microsoft and OpenAI. In an open letter on LinkedIn, he emphasized security risks and urged OpenAI to suspend the DALL-E 3 model until the flaw was addressed. Microsoft’s response was swift, instructing him to remove the LinkedIn post without explanation.
Despite seeking internal communication with Microsoft, Jones received no response, prompting him to disclose the vulnerability to the media and relevant authorities. He linked it to incidents of AI-generated inappropriate content featuring Taylor Swift, allegedly created using Microsoft’s Designer AI function, underpinned by the DALL-E 3 model.
Microsoft’s legal department warned Jones to cease external disclosures, but the vulnerability remained unpatched. Media outlets sought an official response, leading Microsoft to acknowledge the concerns raised by Jones. The company assured it would address the issues but downplayed the vulnerability’s severity, citing a low success rate and questioning its relation to the Taylor Swift incident.
This incident highlights the challenges and ethical considerations in AI technology, particularly managing vulnerabilities that compromise user safety and generate inappropriate content. The clash between disclosure, security, and ethical responsibilities underscores the complexity of navigating AI advancements.