In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and safety.
A week ago, Information Security Buzz wrote about how a Qualys security analysis raised significant red flags about DeepSeek-RI’s risks, especially in enterprise and regulatory settings.
Now, fresh research from AppSOC has uncovered more alarming security risks associated with the DeepSeek-R1 model, raising critical questions about its suitability for enterprise use.
Massive Security Failures
The AppSOC Research Team conducted an extensive security analysis of DeepSeek-R1 using its AI Security Platform, subjecting the model to static analysis, dynamic testing, and red-teaming techniques. The results were concerning, to say the least:
- Jailbreaking: A failure rate of 91%. DeepSeek-R1 consistently bypassed safety mechanisms meant to prevent generating harmful or restricted content.
- Prompt Injection Attacks: A failure rate of 86%. The model was susceptible to adversarial prompts, resulting in incorrect outputs, policy violations, and system compromise.
- Malware Generation: A failure rate of 93%. Tests showed DeepSeek-R1 could generate malicious scripts and code snippets at critical levels.
- Supply Chain Risks: A failure rate of 72%. The lack of clarity around the model’s dataset origins and external dependencies heightened its vulnerability.
- Toxicity: Failure rate of 68%. When prompted, the model generated responses with toxic or harmful language, indicating poor safeguards.
- Hallucinations: A failure rate of 81%. DeepSeek-R1 produced factually incorrect or fabricated information at a high frequency.
These vulnerabilities led AppSOC researchers to warn against deploying DeepSeek-R1 in enterprise environments, particularly where data security and regulatory compliance are top priorities.
Quantifying AI Risk
Beyond identifying risks, AppSOC assigns a proprietary AI risk score to models, measuring security exposure. DeepSeek-R1 scored a highly worrying 8.3 out of 10, with the following breakdown:
- Security Risk Score (9.8): This score reflects vulnerabilities such as jailbreak exploits, malicious code generation, and prompt manipulation, which are the most critical areas of concern.
- Compliance Risk Score (9.0): The model, originating from a publisher based in China and using datasets with unknown provenance, posed significant compliance risks, particularly for entities with strict regulatory obligations.
- Operational Risk Score (6.7): While not as severe as other factors, this score highlighted risks tied to model provenance and network exposure—critical for enterprises integrating AI into production environments.
- Adoption Risk Score (3.4): Although DeepSeek-R1 garnered high adoption rates, user-reported issues (325 noted vulnerabilities) played a key role in this relatively low score.
These findings highlight the criticality of continuous security testing for AI models to ensure their safety when deployed in enterprise settings.
A Wake-up Call for Enterprises
AppSOC Chief Scientist and Co-Founder Mali Gorantla says DeepSeek-R1 should not be deployed for any enterprise use cases, particularly ones involving sensitive data or intellectual property.
“In the race to adopt cutting-edge AI, enterprises often focus on performance and innovation while neglecting security. However, models like DeepSeek-R1 highlight the growing risks of this approach. AI systems vulnerable to jailbreaks, malware generation, and toxic outputs can lead to catastrophic consequences.”
Gorantla adds that AppSOC’s findings suggest that even models with millions of downloads and widespread adoption can harbor significant security flaws. “This should serve as a wake-up call for enterprises.”
Why These Failures Matter
As AI adoption accelerates, enterprises have to find ways to balance innovation with security. The vulnerabilities discussed today highlight the potential consequences of neglecting AI security. After all, compromised AI models can expose sensitive corporate data, leading to data breaches.
Moreover, biased or toxic AI outputs can erode trust, and non-compliance with data protection laws can lead to hefty fines and other legal woes.
This also hammers home a broader issue in AI development: Many models still prioritize performance over security—a big no-no. As AI integrates into critical industries like finance and healthcare, continuous testing and monitoring must become standard practice.
AI models are not static; they evolve with updates, so ongoing security assessments are crucial. DeepSeek has been beset with problems in a matter of weeks, and the security risks associated with this tool only reinforce the importance of proactive AI risk management.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.