Since the release of the free DeepSeek-R1 chatbot app on Jan. 20, cybersecurity researchers have uncovered numerous vulnerabilities in DeepSeek, leading to bans in Australia, Italy, and Taiwan. Many of these are related to AI jailbreak attacks, where models are instructed to bypass their built-in safeguards.
Susceptibility to jailbreaking
Researchers from Palo Alto Networks’ Unit 42 tested DeepSeek’s models using three jailbreaking techniques and found that these methods effectively bypassed the app’s security measures, allowing it to generate harmful content, such as instructions for creating Molotov cocktails.
A separate study by KELA revealed that DeepSeek-R1 is highly vulnerable to the “Evil” and “Leo” jailbreaks, which trick the model into adopting malicious or unrestricted personas. Researchers successfully prompted the model to generate detailed instructions for creating infostealer malware.
Compared to OpenAI’s o1, DeepSeek is 11 times more likely to generate harmful output, four times more vulnerable to generating insecure code, and 3.5 times more likely to produce chemical, biological, radiological, and nuclear content, according to a report from Enkrypt. Separate research from Cisco found that DeepSeek had a 100% attack success rate, failing to block any harmful prompts.
Model is insecure-by-design
Mounting evidence suggests the DeepSeek model is inherently insecure. NowSecure found that the DeepSeek iOS app transmits certain registration and device data over the internet without encryption, exposing sensitive information to potential interception. Meanwhile, Wallarm successfully bypassed the model’s built-in restrictions and extracted its hidden system prompts.
DeepSeek’s cybersecurity practices have also been called into question. Wiz Research identified an unauthenticated, publicly accessible database belonging to DeepSeek, exposing over a million lines of sensitive data, including chat histories, secret keys, backend details, and other highly sensitive information.
DeepSeek’s numerous vulnerabilities may have contributed to the “large-scale malicious attacks” on Jan. 27, according to the app’s status page. The incident forced the company to temporarily limit new user registrations to “ensure continued service.”
Proximity to China’s government
Researchers have discovered links between DeepSeek and the Chinese government, raising national security concerns.
NowSecure found that the DeepSeek iOS app transmits unencrypted user and device data to Chinese companies, while Feroot Security saw hidden code capable of transmitting user data to state-controlled telecom company China Mobile.
China Mobile was banned from operating in the U.S. in 2019 due to “substantial and serious national security and law enforcement risks.”
Additionally, DeepSeek’s Privacy Policy states that user data is stored on “secure servers located in the People’s Republic of China,” meaning it falls under China’s data protection laws. This grants the Chinese government access to the data upon request.