OpenAI and Microsoft Disrupt Malicious AI Use by State-Affiliated Threat Actors

Written by Henrik Rothen

Feb.14 - 2024 8:09 PM CET

Photo: Ascannio /
Photo: Ascannio /
OpenAI and Microsoft Disrupt Malicious AI Use by State-Affiliated Threat Actors.

Trending Now

OpenAI, in collaboration with Microsoft Threat Intelligence, has announced the disruption of five state-affiliated threat actors aiming to exploit AI services for malicious cyber activities. This action highlights the ongoing battle against cyber threats and the importance of securing AI technology from misuse.

Identifying and Disrupting Threat Actors

Through their partnership, OpenAI and Microsoft have successfully identified and disrupted operations of five malicious groups: two affiliated with China known as Charcoal Typhoon and Salmon Typhoon; one affiliated with Iran called Crimson Sandstorm; one with North Korea named Emerald Sleet; and one with Russia referred to as Forest Blizzard. Accounts linked to these actors on OpenAI's platform were promptly terminated.

The threat actors primarily sought to utilize OpenAI services for a range of activities including open-source intelligence gathering, translation, debugging and coding, as well as crafting content for phishing campaigns.

Specific Misuses of AI Services
  • Charcoal Typhoon and Salmon Typhoon were involved in researching companies and cybersecurity tools, debugging code, generating scripts, and creating phishing content.

  • Crimson Sandstorm focused on app and web development scripting support, generating spear-phishing content, and researching malware detection evasion techniques.

  • Emerald Sleet aimed to identify defense-focused experts and organizations, understand vulnerabilities, assist with scripting tasks, and draft phishing content.

  • Forest Blizzard conducted open-source research into satellite communication protocols and radar imaging technology, alongside scripting support.

A Multi-Pronged Approach to AI Safety

Understanding the potential for AI misuse, especially by state-affiliated actors with access to advanced technology and resources, OpenAI is adopting a multi-pronged strategy to counteract these threats.

This includes monitoring and disrupting malicious activities, collaborating with the AI ecosystem for information sharing, iterating on safety mitigations based on real-world use, and maintaining public transparency regarding threats and defenses.

The Importance of Collaboration and Transparency

The partnership between OpenAI and Microsoft exemplifies the critical role of collaboration and information sharing within the AI community to address and mitigate threats. By making their findings public, OpenAI aims to foster a more secure and transparent digital environment, encouraging collective defense strategies against evolving cyber threats.

While the majority of users leverage AI systems for positive and impactful applications, OpenAI acknowledges the small fraction of malicious actors that pose a significant challenge. Through ongoing innovation, investigation, collaboration, and sharing, OpenAI and its partners are committed to making it increasingly difficult for these actors to operate undetected and ensuring a safer experience for all users.

Most Read