DeepSeek failed every security test these researchers put it through

Key findings: Security researchers from the University of Pennsylvania and Cisco discovered that DeepSeek’s R1 reasoning AI model scored zero out of 50 on security tests designed to prevent harmful outputs.

  • The model failed to block any harmful prompts from the HarmBench dataset, which includes tests for cybercrime, misinformation, illegal activities, and general harm
  • Other leading AI models demonstrated at least partial resistance to these same security tests
  • The findings are particularly significant given DeepSeek’s claims that its R1 model can compete with OpenAI’s state-of-the-art o1 model at a fraction of the cost

Security vulnerabilities: Additional security concerns have emerged beyond the failed prompt testing, revealing multiple weaknesses in DeepSeek’s infrastructure.

  • Cloud security firm Wiz discovered an unsecured database containing unencrypted internal data, including chat history and sensitive backend information
  • The system lacks basic authentication or defense mechanisms against external threats
  • AI security company Adversa AI confirmed that the model is exceptionally easy to “jailbreak” – a term referring to bypassing an AI system’s built-in safety controls

Competitive context: The security issues highlight potential tradeoffs between cost efficiency and safety in AI development.

  • DeepSeek, owned by a Chinese hedge fund, has marketed itself as a more cost-effective alternative to US competitors
  • Meta’s open-source Llama 3.1 model also performed poorly, with a 96% attack success rate
  • OpenAI’s o1-preview demonstrated stronger security, with only a 26% attack success rate

Industry implications: The findings raise serious concerns about the deployment of AI models without adequate security testing.

  • Security experts warn that deploying vulnerable AI models in complex systems could increase liability and business risks for enterprises
  • The situation highlights the importance of continuous security testing and “red-teaming” – systematic attempts to find vulnerabilities in AI systems
  • These vulnerabilities could potentially enable bad actors to use the model for generating harmful content or instructions for illegal activities

Looking ahead: These security findings could reshape the AI industry’s approach to model development and deployment, forcing companies to balance rapid innovation with robust safety measures. The incident serves as a wake-up call for organizations to prioritize security testing and implementation of proper safeguards before releasing AI models to the public.

DeepSeek Failed Every Single Security Test, Researchers Found
