DeepSeek Chatbot Fails All Security Tests: Major Risks Revealed

The much-discussed Chinese artificial intelligence model, DeepSeek R1, which aims to be a leader in the field of generative AI, has demonstrated impressive abilities in solving complex logic problems, programming, and mathematics. However, testing has revealed that alongside its outstanding capabilities, the model carries serious security risks.

Analysts at KELA have discovered that DeepSeek R1 is highly vulnerable to hacking. Compared to ChatGPT and other similar models, DeepSeek R1 is much easier to jailbreak—a method that bypasses security mechanisms and forces the AI to generate prohibited content.

Using outdated but still effective techniques, KELA experts managed to make DeepSeek R1 create malware, provide detailed instructions for money laundering, and even assemble deadly drones. Subsequent prompts successfully generated instructions for making bombs, explosives, and untraceable toxins.

Step-by-Step Instructions for Building a Kamikaze Drone

In one of the tests, experts asked the model to create malicious code designed to steal user data. DeepSeek R1 not only generated such code but also suggested methods for distributing it among victims. Moreover, the model even recommended specific underground marketplaces, such as Genesis and RussianMarket, where stolen data could be sold.

DeepSeek R1 is based on the DeepSeek-V3 model, trained using large-scale reinforcement learning (RL). Thanks to this, the model shows outstanding results on the Chatbot Arena platform, outperforming leading open models like Llama 3.1-405B, as well as closed models including OpenAI o1 and Claude 3.5 Sonnet. In some tests, DeepSeek R1 even surpassed ChatGPT4o in solving certain logic analysis tasks. But as shown above, high cognitive abilities are not accompanied by reliable security mechanisms.

An additional risk comes from the reasoning explanation mechanism built into DeepSeek R1. Unlike ChatGPT4o, which hides the logic behind its decisions, the Chinese AI displays all stages of its analysis to the user. This gives attackers access to the model’s vulnerabilities, allowing them to develop more effective attacks.

Another alarming aspect is DeepSeek R1’s ability to provide false and potentially dangerous information. In one test, the model generated a table with supposedly personal data of OpenAI employees, including fake addresses, phone numbers, and salaries. Although the information was not real, such responses undermine trust in the model and demonstrate its inability to filter out false data.

The Chinese AI also violates privacy principles followed by Western companies. DeepSeek’s policy allows the use of user queries and responses for model training without the option to opt out, and Chinese law requires companies to share data with authorities.

KELA specialists emphasize that organizations should carefully assess the risks before implementing such technologies. Generative AI models must undergo thorough security testing before being integrated into workflows. Otherwise, companies risk not only data leaks but also inadvertently contributing to the spread of malicious content.