DeepSeek, the Chinese AI that is emerging as a major alternative to ChatGPT, is riddled with security flaws. According to experiments conducted by researchers at Kela, the Chinese AI, which scares American giants, is even "much more vulnerable" than OpenAI's chatbot.
As the researchers explain in their report, it is possible to "jailbreak" the generative AI to bypass its restrictions without too much difficulty. The researchers were able to manipulate the model to convince it to bypass content filters and ethical constraints put in place by its designers.
DeepSeek, an AI that is easy to manipulate
The researchers at Kela were able to use DeepSeek to “produce malicious results, such as developing ransomware, creating sensitive content, or providing detailed instructions for making toxins and explosive devices”. In short, criminals can use AI as a weapon. For Kela, it is clear “that the impressive capabilities of DeepSeek R1 are not accompanied by strong security features”.
Note that it was easy to manipulate early versions of ChatGPT in the same way. With more recent versions of the AI, such as ChatGPT 4o, OpenAI has corrected the situation and included more effective safeguards.
Two years behind schedule
Moreover, the researchers specify that DeepSeek is susceptible to being trapped by "a variety of techniques, including methods made public more than two years ago". The experts cite a tactic called "Evil Jailbreak." It simply consists of pushing the AI to adopt "an 'evil' persona, free of ethical constraints".
To convince the chatbot, users must pretend that it is an experiment for a fiction or a role-playing game. With a few well-tuned queries, the model forgets its limitations and can write criminal content, such as the best way to launder money from illegal activities or the production of hard drugs. It was also able to code malware that could steal personal data and banking details.
The AI “not only provided detailed instructions, but also generated a malicious script designed to extract credit card data from specific browsers and transmit it to a remote server,” says Kela. In another experiment, DeepSeek provided advice on how to design undetectable explosives for an airport attack. The Chinese AI also agreed to search for, collect, and share personal data on OpenAI employees, in violation of current laws in Europe and the United States.
The trick came to light shortly after ChatGPT went live in early 2023. The vulnerability exploited was fixed by OpenAI with GPT 4 and others. As Kela’s tests show, the queries that fool DeepSeek are not enough to trap ChatGPT. Unlike ChatGPT, DeepSeek is transparent about the reasoning process behind each of its responses. This transparency makes it easier for hackers to manipulate artificial intelligence, especially with adversarial or prompt-injection attacks.
The shadow of China
In conclusion, DeepSeek is “behind the curve in terms of security, privacy and safety”. In addition, AI is also worrying because of its links with the Chinese government. Kela's report points out that Chinese laws require the company to share its data with authorities if requested.
As Adrianus Warmenhoven, a security expert at NordVPN, explained to 01net, DeepSeek's privacy policy "clearly states that user data, including conversations and generated responses, are stored on servers located in China.".
To test DeepSeek, we recommend using an alternative that hosts the model on servers in the West, such as Perplexity.
Source: Kela
0 Comments