Inside Microsoft's Battle Against Cloud-Enabled Deepfake Threats
Alessandro Brucato, Stefano Chierici
fwd:cloudsec North America 2025 · Day 1 · Track 1 - Crystal
Alessandro Brucato and Stefano Chierici present an investigation into how attackers abuse stolen cloud API credentials to generate deepfakes at scale, connecting the dots between **LLMjacking** (unauthorized use of cloud AI APIs via stolen credentials), the **OAI Reverse Proxy** ecosystem, a purpose-built deepfake generation tool called **D3U**, and Microsoft's December 2024 lawsuit against the individuals behind these tools. The talk maps the full attack chain from credential theft through proxy infrastructure to deepfake generation, examines how D3U bypasses Azure OpenAI's content safety controls by jailbreaking prompts and stripping **C2PA content credential metadata**, and reviews Microsoft's **AI shared responsibility model** and the technical defenses available within Azure OpenAI.
AI review
Decent threat intelligence mapping of the LLMjacking-to-deepfake pipeline and the actors Microsoft sued, but this is fundamentally a survey talk with minimal original technical depth. The attack chain is credential theft plus proxy plus jailbreak prompt -- none of which are novel techniques. The most interesting bits (D3U's C2PA stripping, prompt jailbreaking) get surface treatment rather than deep analysis.