China’s AI firm DeepSeek has been making headlines for its low-cost and high-performance models. However, when it comes to AI security, it seems to be lagging far behind its rivals.
Using an automated jailbreaking algorithm with 50 prompts related to cybercrime, misinformation, illegal activities, and general harm, Cisco’s research team managed to “jailbreak” DeepSeek R1 with a 100% success rate. This means the AI model failed to block even a single harmful request.
Why DeepSeek Fails Where Others Succeed
"Jailbreaking" refers to bypassing built-in restrictions in software or devices. Since the rise of large language models (LLMs), researchers and hobbyists have tested their limits—getting them to generate dangerous content, from making explosives to cooking methamphetamine.
DeepSeek performed significantly worse than its competitors in preventing harmful outputs.
- OpenAI’s GPT-4o successfully blocked 14% of harmful jailbreak attempts.
- Google’s Gemini 1.5 Pro blocked 35% of harmful prompts.
- Anthropic’s Claude 3.5 fared better, stopping 64% of harmful prompts.
- OpenAI’s GPT-4o Preview (O1) led the pack, preventing 74% of attacks.
Cisco researchers pointed to DeepSeek’s significantly lower budget as a likely cause of these failures. While DeepSeek claimed to have developed its model for just $6 million, OpenAI reportedly spent $500 million on training GPT-5. The researchers noted that DeepSeek’s affordability comes at a cost—compromised security and safety.
Selective Restrictions: AI Security or Censorship?
Despite its vulnerability to jailbreaking, DeepSeek does impose strict content restrictions—at least when it comes to politically sensitive topics related to China.
A PCMag journalist tested DeepSeek on controversial topics such as the treatment of Uyghurs, a Muslim minority group that the UN has accused China of oppressing. The chatbot refused to engage, responding:
“Sorry, this is beyond my current scope. Let’s talk about something else.”
Similarly, when asked about the 1989 Tiananmen Square massacre, where student protesters were reportedly killed, DeepSeek declined to answer.
Whether these security and censorship concerns will slow DeepSeek’s rapid growth remains unclear; for now, its user base is soaring.
Surging Popularity Despite Concerns
According to web traffic tracking tool SimilarWeb, DeepSeek has skyrocketed from 300,000 daily visitors earlier this month to 6 million—a staggering increase.
Meanwhile, Microsoft and Perplexity AI are already integrating DeepSeek (which uses open-source models) into their tools.
Whether these companies will address its security vulnerabilities or let the model continue as-is remains to be seen.