DeepSeek failed 100%: Chinese AI failed a single security test

Experts used “algorithmic jailbreak” — a method used to detect vulnerabilities in AI models by creating clues designed to bypass security protocols.

The Chinese artificial intelligence model DeepSeek was unable to stop a single malicious request. Interesting Engineering writes about this.

DeepSeek R1, a new chatbot from a Chinese startup, has failed key security tests conducted by Cisco’s research group in collaboration with researchers at the University of Pennsylvania. The chatbot has garnered a lot of attention for its impressive performance on tasks at a fraction of the cost. DeepSeek R1 reportedly cost about $6 million to develop, compared to the billions invested by other big players like OpenAI, Meta, and Gemini.

The experts used “algorithmic jailbreaking” — a technique used to find vulnerabilities in AI models by creating clues designed to bypass cybersecurity protocols. They tested DeepSeek R1 on 50 clues from the HarmBench dataset. The HarmBench test considered a total of 400 behavior patterns across 7 harm categories, including cybercrime, disinformation, illegal activity, and general harm. DeepSeek R1 showed 100% attack success. This means that for every malicious prompt presented, the AI ​​failed to recognize the threat and responded by bypassing all of its internal defenses.

To provide additional context, the research team also tested other leading language models for their vulnerability to algorithmic jailbreaking. For example, Llama 3.1-405B had a 96% success rate, GPT 4o — 86%, Gemini 1.5 pro — 64%, Claude 3.5 Sonnet — 36%, and O1 preview — 26%. These models have some level of internal security measures designed to prevent the generation of malicious content. DeepSeek R1 does not appear to have these security measures, the media reports.

The research team’s analysis points to a potential trade-off between efficiency and cybersecurity in DeepSeek’s approach. While the company managed to develop a high-performance model for a fraction of the usual cost, it appears to have done so at the expense of robust cybersecurity mechanisms.

OpenAI has accused DeepSeek of data theft. Sam Altman’s company said the Chinese AI startup used the results of its proprietary models to train a competing chatbot. Interestingly, however, OpenAI itself has been the subject of multiple lawsuits for alleged copyright infringement and data misuse.