Legal Damages Covered by Microsoft for their AI Customers

Microsoft said yesterday in a blog post that they will “pay legal damages on behalf of customers using its artificial intelligence (AI) products if they are sued for copyright infringement for the output generated by such systems“.

In the post, Microsoft said that they will assume responsibility for the potential legal risks arising out of any claims raised by third parties for copyright infringement so long as their company’s customers use “the guardrails and content filters” built into their AI powered products which include Bing Enterprise Chat and Microsoft 365 Copilot. Microsoft said that this offers functionality that is designed to reduce the likelihood that their AI-powered services will return content that infringes copyrighted content.

Microsoft is announcing our new Copilot Copyright Commitment. As customers ask whether they can use Microsoft’s Copilot services and the output they generate without worrying about copyright claims, we are providing a straightforward answer: yes, you can, and if you are challenged on copyright grounds, we will assume responsibility for the potential legal risks involved.

Microsoft

Microsoft’s say that their Copilot Copyright Commitment will protect customers so long as they have “used the guardrails and content filters we have built into our products” said Hossein Nowbar, [CVP and Chief Legal Officer at Microsoft] in their blog post yesterday. Microsoft also pledged to pay related fines or settlements and said it has taken steps to ensure its Copilots respect copyright.

Microsoft’s pledge comes are part of their ethical use of AI commitments and say that “We believe in standing behind our customers when they use our products – we are charging our commercial customers for our Copilots, and if their use creates legal issues, we should make this our problem rather than our customers’ problem“.

Generative AI is now everywhere

Generative AI applications leverage existing content such including news, images and artwork, and evening programming code and use it to generate new “AI generated” content which may use combinations of different data sources. Microsoft is embedding much of this technology, powered by their partnership with OpenAI Inc, into their core technology products like Windows 11 and Microsoft 365 which as a potential to put their customers in “legal jeopardy”.

With the proliferation and growing use of generative AI – people are using these tools to generate text, images, sounds, other data, and people have raised concerns over the technology’s ability to generate content without referencing it to its original authors. To address this Microsoft, said that “We are sensitive to the concerns of authors, and we believe that Microsoft rather than our customers should assume the responsibility to address them. Even where existing copyright law is clear, generative AI is raising new public policy issues and shining a light on multiple public goals. We believe the world needs AI to advance the spread of knowledge and help solve major societal challenges. Yet it is critical for authors to retain control of their rights under copyright law and earn a healthy return on their creations“.

Protecting and upholding Copyright Laws

Artists, writers, and software developers are already filing lawsuits or raising objections about their creations being used without their consent which has accelerated since the available of Generative AI tools exploded with the release of ChatGPT back in November 2022. This includes programmers, artists, and authors.

I cannot show you that, as it would be unethical and illegal to do so. AI breaching copyright is a genuine issue that affects many artists and creators who have their original works used without their permission or compensation.

There are already several lawsuits against AI firms, which are testing issues of copyright. For example, three artists have filed a case against Stability AI, the company behind Stable Diffusion, Midjourney, and DeviantArt, an online art community with its own generator called DreamUpThey allege that the company unlawfully copied and processed their artworks without permission or license.

Microsoft say that their Copilot Copyright Commitment extends their existing intellectual property indemnification coverage to copyright claims relating to the use of its AI-powered assistants called Copilots and through to their AI powered Bing Chat Enterprise.

Microsoft state in their blog that “we have built important guardrails into our Copilots to help respect authors’ copyrights. We have incorporated filters and other technologies that are designed to reduce the likelihood that Copilots return infringing content. These build on and complement our work to protect digital safety, security, and privacy, based on a broad range of guardrails such as classifiers, meta prompts, content filtering, and operational monitoring and abuse detection, including that which potentially infringes third-party content”.

You can already see evidence of this safety net in tools such as Bing Enterprise Chat where the tools will do what it can to avoid purposely breaching copyright.


Further Reading

Microsoft on-the-issues blog (source): https://blogs.microsoft.com/blog/2023/06/08/announcing-microsofts-ai-customer-commitments/

Microsoft AI Commitments:
https://blogs.microsoft.com/blog/2023/06/08/announcing-microsofts-ai-customer-commitments/

Five things you need to know about Microsoft 365 Copilot: http://robquickenden.blog/2023/08/microsoft365copilot-5keythings/

Cisco XDR uses Cohesity to help protect your org from ransomware

Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system.

Ransomware is a type of malicious software that encrypts the end user’s device and data and demands a ransom for its decryption. Ransomware attacks can cause considerable damage to businesses and organisations, disrupting their operations and compromising their data. To combat this threat, Cisco has now introduced a new solution that integrates with their new Extended Detection and Response (XDR) solution with Cohesity’s DataProtect and DataHawk offerings.

Cisco’s XDR system is a cloud-based platform that combines multiple security products and telemetry sources to detect, analyse, and respond to threats across the network and endpoints. As Cisco announced the General Availability of their XDR platform, they also announce that they have added ransomware detection and recovery support to their XDR system, enabling Security Operations Center (SOC) teams to automatically protect and restore business-critical data in the event of a ransomware attack.

This feature is made possible by integrating Cisco’s XDR system with Cohesity’s DataProtect and DataHawk offerings, which are well established and trusted, infrastructure and enterprise data backup and recovery solutions. These provide configurable recovery points and mass recovery for systems assigned to a protection plan and can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks.

Cisco said that the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.

The integration of Cisco’s XDR system and Cohesity’s solutions is designed to help Security Operations Centre (SOC) teams and IT to automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak; often before it has had a chance to move laterally through the network to reach the high–value assets.

In the announcement, Cisco and Cohesity said that they already have a long-standing partnership, with over 460 joint customers. Cisco have said that the Cohesity Cloud Services package will also be able to be sold by their Cisco channel partners like Cisilion later in 2023. The Cohesity Cloud Services include data security and management as well as threat defense, data isolation and backup/recovery. Cisco have also said that the software can be deployed and hosted on both Microsoft Azure and Amazon Web Services (AWS) via their marketplaces.

This brings more features to Cisco’s XDR service (a competitive landscape where they compete against the likes of Microsoft, Sentinel One and Palo Alto) and brings together a myriad first-party Cisco, and third-party security products to control network access, analyse incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated in the announcement.

Part of Cisco’s growing Security Portfolio

The Cisco Security portfolio is a comprehensive set of solutions that work together to provide seamless interoperability with your security infrastructure, including third-party technologies. Their growing portfolio covers various aspects of security, such as network security, user and endpoint protection, cloud edge, advanced malware protection, email security, web security and workload security. The Cisco XDR system is part of this portfolio and integrates with other Cisco products and services to detect, analyse, and respond to threats across the network and endpoints.

Cisco XDR system can leverage the threat intelligence from Cisco Talos – the cloud-based platform known as Cisco SecureX, as well as the backup and recovery solutions from Cohesity to provide a powerful and proactive defense against ransomware and other advanced threats. Cisco XDR system also supports third-party integrations with other security vendors, including Microsoft, Splunk and many others.

Cisco have, and continue to invest heavily in their end-to-end security portfolio and their XDR solution (as of December 2022) is on the cusp of moving into the Leaders Quadrant in the Gartner Magic Quadrant for Endpoint Protection.

Cisco's XDR play competes against other industry leading XDR vendors including Sentinel One Microsoft Defender, Crowdstrike Falcon, Palo Alto Cortex XDR and Trend Micro Vision One.  

Cisco are on the verge of become a leader in the Gartner Magic Quadrant for Endpoint Protection.

Conclusion

Ransomware is a serious threat that requires a comprehensive and proactive solution. Cisco’s XDR system, integrated with Cohesity’s DataProtect and DataHawk offerings, provides a powerful way to detect, prevent, and recover from ransomware attacks.

For organisations with a fragmented security portfolio and those heavily invested in Cisco infrastructure, Cisco’s XDR can be an excellent choice for organisations that need to increase visibility and simplify the detection and remediation time with the integration of XDR with the rest of their Cisco Security portfolio – enhancing the visibility, automation, and effectiveness of security operations.

%d