Deepseek, a Chinese AI language model, has recently come under scrutiny following the discovery of significant security vulnerabilities. Just a week after its successful debut, security experts raised alarms about its weaknesses. According to a report by Wired, researchers found that Deepseek’s model R1 failed to detect or block harmful commands during tests using known jailbreak techniques. This resulted in a 100% success rate for attacks, which was a surprising and concerning outcome for experts.
Since the release of ChatGPT in late 2022, cybersecurity experts have been attempting to identify security gaps in large language models. Their goal is to bypass the protective measures of these AI systems and prompt them to generate harmful content, such as hate speech, bomb-making instructions, or misinformation. A research team from Cisco and the University of Pennsylvania tested Deepseek using 50 known jailbreak techniques. While established AI providers like OpenAI and Google continuously improve their security mechanisms, the new Chinese AI model showed significant weaknesses. Security firms like Adversa AI reached similar conclusions, noting that Deepseek was vulnerable to a variety of jailbreak methods, ranging from simple language tricks to complex AI-generated prompts.
Jailbreaks are a form of prompt-injection attacks that can bypass the security mechanisms of an AI model. Companies aim to prevent their models from generating instructions for illegal activities or misinformation, but jailbreaks can enable exactly that, testing the AI models’ defenses. Early jailbreaks often used simple instructions to trick an AI into ignoring protective measures, but modern techniques are more sophisticated. Many are now developed by AI itself or use specific character and language patterns to evade security measures.
The Cisco team tested Deepseek R1 with known security standards like Harmbench, a library for standardized test queries. Some established models also performed poorly, notably Meta’s Llama 3.1, which showed vulnerabilities in several categories. OpenAI’s o1-Reasoning model performed best, proving to be much more robust against attacks compared to Deepseek.
Adversa AI also found that while Deepseek recognized some common jailbreak attempts, this detection often relied on data from OpenAI. However, the model could still be outsmarted with various attack methods, including language manipulations and code tricks. “Every single method worked perfectly,” commented Alex Polyakov, CEO of Adversa AI. Even more concerning was the fact that these were not new jailbreak methods; many had been known for years, meaning Deepseek could have prepared accordingly.
The security vulnerabilities in Deepseek are varied, and questions about how personal data is handled remain unresolved. This has led the Italian data protection authority to instruct the Chinese company to block Deepseek for users in Italy. Following this, data protection authorities in Ireland and France have also launched investigations.
The security issues not only highlight the weaknesses in Deepseek but also impact its reputation. The model’s inability to effectively counter known attack methods raises concerns about its reliability and safety in handling sensitive information. As AI technology continues to evolve, ensuring robust security measures becomes increasingly crucial to maintaining trust and safeguarding user data.
