Security Flaws Discovered in Microsoft’s PhotoDNA Technology
Researchers in Flanders have identified significant security vulnerabilities in PhotoDNA, a Microsoft technology widely used to identify illicit content online. The findings raise concerns about potential data leaks, the spread of illegal material, and the possibility of wrongful accusations, according to a report published on March 19, 2026.
Developed in 2009, PhotoDNA works by creating a digital fingerprint for images, enabling their detection even after slight alterations. The technology is employed by platforms like Facebook, Gmail, and WhatsApp to flag and remove illegal content, such as child sexual abuse imagery. Authorities maintain databases of fingerprints from known illegal images, and the system automatically identifies matches when photos are uploaded.
However, the study revealed that exploiting these vulnerabilities could allow for the visual reconstruction of images from their digital fingerprints – a capability previously thought impossible. Researchers also found that simple modifications to images, like altering borders or colors, could allow illegal content to evade detection. It may also be possible to manipulate legitimate images to falsely match those on blacklists.
The research also highlighted the risk of “collisions,” where two different images are assigned the same fingerprint. According to the study, these manipulations can be carried out quickly and with a success rate approaching 100%.
“These systems can lead to data leaks, the spread of illegal material and large-scale false accusations,” researchers warned. The details of the vulnerabilities have not been publicly disclosed to prevent abuse, and Microsoft is collaborating with the research team to address the issues.
The discovery comes as Microsoft continues to invest heavily in digital security and AI-powered content moderation tools. The company recently announced a strategic partnership with the Flemish government to accelerate digital transformation in the region, including the rollout of Microsoft 365 and Copilot to local administrations, as reported in January 2025. That partnership also includes equipping 10,000 public sector workers with Copilot, Microsoft’s AI assistant, according to VRT News.
The Flemish government’s commitment to Microsoft’s digital tools underscores the growing reliance on technology to enhance public services and security. However, the PhotoDNA findings serve as a reminder of the potential security risks inherent in even the most advanced systems.