DeepSeek’s AI Breakthrough & Cybersecurity Risks: A Promising Chatbot Faces Major Security Challenges

DeepSeek's AI model R1 rivals ChatGPT but faces security concerns, including cyberattacks, vulnerabilities, and data privacy risks.

DeepSeek, an AI company founded in 2023, recently released its open-source R1 model, positioning it as a viable competitor to OpenAI's ChatGPT and Google's Gemini. The company says that R1 provides equivalent performance while being much more cost-effective and consuming fewer processing resources. However, despite its promising start, DeepSeek has encountered significant security and operational issues.

On Monday, the company reported widespread malicious attacks on its servers, which prevented new user registrations. Although current customers were unaffected, the nature of the attack indicates a Distributed Denial-of-Service (DDoS) attempt. DeepSeek has also alerted users about fake social media profiles imitating the brand, further complicating its launch.

Beyond operational delays, cybersecurity experts have expressed alarm over DeepSeek R1's vulnerabilities. Kela, a security firm, discovered that the model is highly vulnerable to jailbreaks, which are strategies for bypassing built-in safety mechanisms. Exploits such as the "Evil Jailbreak" and "Leo" methods, which were patched in ChatGPT, continue to function in DeepSeek R1, allowing the chatbot to generate harmful outputs like ransomware code and explosive-making instructions. Kela also evaluated the chatbot's ability to retrieve sensitive information, noting that it attempted to generate information about OpenAI staff, although the results appeared to be fabricated.

These challenges raise broader concerns about AI security, disinformation, and data privacy. Given growing concerns about foreign AI platforms, experts emphasise the importance of data transparency and compliance with global privacy rules. With the US already investigating Chinese IT firms, DeepSeek's future in global markets is uncertain.

Source: securityweek.com