Researchers sound alarm on DeepSeek R1 security

Model “exhibited a 100% attack success rate”

Chinese AI startup DeepSeek made waves with the release of its reasoning AI model. It now faces global scrutiny due to serious security vulnerabilities found in that model.

A recent study from Cisco in partnership with the University of Pennsylvania revealed that DeepSeek R1 is vulnerable to jailbreaking attacks.

Much of the buzz created by DeepSeek centred on how the Chinese model achieved comparable performance to other frontier models with a reportedly far smaller training budget than its Western counterparts, and without access to the most advanced chips.

However, according to the researchers, DeepSeek R1 failed to block harmful outputs 100% of the time when it was subjected to algorithmic jailbreaking techniques.

The test involved feeding the model with 50 random prompts from the HarmBench dataset which covered different categories of adversarial behaviour such as misinformation, cybercrime, and and general harm.

The researchers described the test result as “alarming” stating: “DeepSeek R1 exhibited a 100% attack success rate, meaning it failed to block a single harmful prompt.”

Open AI O1 model Outperforms DeepSeek in Security Testing

When the same test was carried out on rival models like OpenAI's GPT-4o, Gemini-1.5-pro and Anthropic's Claude 3.5 sonnet, the study found, that, unlike DeepSeek R1, these models were able to resist some of the attacks. Moreover, OpenAIs reasoning model o1 preview was the best performing model during the test and it blocked most of the attacks.

The researchers attribute these flaws to DeepSeek’s cost-cutting measures during training, which compromised its safety controls.

Last week, a US security company found a database containing sensitive data from DeepSeek, unsecured, on the open internet. The data included chat history, API keys and directory structures.

In a further move which case the security of DeepSeek R1 into doubt, the Australian government yesterday announced a ban on DeepSeek from all government devices, citing "unacceptable risks" to national security.

The directive mandates the removal of all DeepSeek products from government systems and prohibits future installations. Home Affairs Minister Tony Burke stated that the decision is based on advice from security agencies and is a genuine measure to ensure national security.

Australia’s move aligns with similar actions taken by Italy, Taiwan, South Korea, and France, all of which have raised concerns about data practice at DeepSeek.