Extract from Isha Marathe and Cassandre Coyer’s article “Legal Industry Players Missed a Microsoft AI Loophole That Could Expose Confidential Data”
More than a year after law firms and legal tech companies signed onto Microsoft’s Azure OpenAI Service, which gives users access to OpenAI’s generative artificial intelligence models via the Azure Cloud, many found out that a terms-of-use loophole could make privileged information susceptible to third-party review.
Whether those who know about the loophole have informed their clients and customers or whether everyone using the service even knows of the potential vulnerability is unclear.
Under its “abuse monitoring” policy, Microsoft can retain and manually review certain user prompts if they trigger the provider’s system. Firm and vendor sources told Legaltech News that the policy was tucked in a nexus of terms and conditions, and as the race for AI adoption ramped up, users—well, missed it.
Now, some are scrambling for the Golden Ticket, that is, an exemption from the abuse monitoring policy and, in turn, from having their data retained and subject to scrutiny. But they are finding that nabbing one of these exemptions is far more complex and expensive than Microsoft’s online policy states, setting them up to halt major generative AI-powered development projects or continue on and hope for the best.
