DeepSeek Can Be Abused to Create Malware

By Kirsten Doyle | March 14, 2025 | Updated: May 2, 2025

In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be exploited to generate malware, including keyloggers and ransomware, despite its initial refusal to engage in harmful activities. 

Unlike popular AI models like GPT-4 or Claude, DeepSeek is fully open-source, so anyone can download and use it for free. It’s trained on large datasets, including code, making it very powerful — yet potentially dangerous. 

From Guardrails to Jailbreaks 

Mainstream GenAI platforms like ChatGPT and Gemini also have well-documented protections against malicious use. Reports like OpenAI’s “Disrupting malicious uses of AI by state-affiliated threat actors” and Google’s “Adversarial Misuse of Generative AI” highlight efforts to curtail abuse.  

However, threat actors have developed their own malicious LLMs — such as WormGPT, FraudGPT, Evil-GPT, and GhostGPT — all available via subscription models in dark corners of the Web. Unfortunately, DeepSeek V3 and R1 now offer a freely accessible and powerful alternative for attackers.

Tenable researchers specifically evaluated DeepSeek R1, a reasoning-focused LLM trained to approach problems using Chain-of-Thought (CoT) — a step-by-step reasoning technique originally described by Google in 2022. 

Although DeepSeek initially refused to create a keylogger, citing ethical guidelines and suggesting cybersecurity education as an alternative, researchers found its protections easily circumvented through simple “jailbreaking” techniques, such as stating the purpose was “educational.” 

Inside DeepSeek’s Reasoning Process 

Once prompted successfully, DeepSeek’s internal CoT kicked in, analyzing how to write a stealthy Windows keylogger using C++. Its reasoning considered: 

  • Using Windows hooks like SetWindowsHookEx to capture keystrokes. 
  • Avoiding detection by hiding the process and log files. 
  • Balancing effectiveness and stealth while contemplating potential antivirus evasion. 

Eventually, DeepSeek outlined a functional keylogger design, albeit with errors. 

From Concept to Working Keylogger 

The initial code produced by DeepSeek was buggy but close to functional. After manual corrections — such as fixing incorrect API calls and handling data types — researchers successfully compiled and ran the keylogger. 

The keylogger could capture and log keystrokes to a hidden file and operate in the background, invisible to the user. 

However, it failed to hide itself from the Windows Task Manager, a flaw that attackers could easily address by renaming processes or using additional obfuscation techniques. 

Enhancing Stealth 

When asked how to hide the log file better, DeepSeek came up with several practical methods, such as setting the file’s hidden and system attributes, storing logs in inconspicuous locations, and encrypting the data to prevent easy detection. 

Tenable researchers prompted DeepSeek to implement these ideas, and after correcting a hallucinated Windows flag, they produced a fully working keylogger that stored XOR-encrypted logs in a hidden file. 

Using a Python decryption script also written by DeepSeek, researchers decrypted the file successfully. 
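For responders triaging an artifact like the one described above (a file flagged hidden and system whose contents are XOR-obscured text), the following added example, which is not from the article or from Tenable's report, checks the attribute bits and tests whether a one-byte XOR key recovers readable text. The one-byte key, the text heuristic and the sample data are assumptions made here; the article does not state the key length.

```python
import os
import string

# Windows file-attribute bits (values from the Win32 headers).
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
# Bytes expected to dominate a decoded keystroke log (heuristic).
TEXTLIKE = set((string.ascii_letters + " \n").encode())

def hidden_and_system(attrs: int) -> bool:
    """True when both the hidden and the system bit are set."""
    mask = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
    return attrs & mask == mask

def text_score(data: bytes) -> float:
    """Fraction of bytes that are letters, spaces or newlines."""
    return sum(b in TEXTLIKE for b in data) / len(data) if data else 0.0

def single_byte_xor_key(data: bytes, threshold: float = 0.85):
    """Return (key, decoded) when a one-byte XOR key recovers text.

    None means: empty input, input that is already text, or no
    one-byte key that yields text (e.g. compressed or random data).
    """
    if text_score(data) >= threshold:
        return None
    best_key, best = 0, 0.0
    for key in range(1, 256):
        score = text_score(bytes(b ^ key for b in data))
        if score > best:
            best_key, best = key, score
    if best < threshold:
        return None
    return best_key, bytes(b ^ best_key for b in data)

def triage(path: str, limit: int = 65536):
    """Check one file: hidden+system attributes, then the XOR test."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # 0 off Windows
    if not hidden_and_system(attrs):
        return None
    with open(path, "rb") as fh:
        return single_byte_xor_key(fh.read(limit))

# Constructed sample: harmless text XORed with an arbitrary key, 0xA7.
SAMPLE_PLAIN = b"[Notepad] quarterly report draft\n[Browser] hello world\n"
SAMPLE_BLOB = bytes(b ^ 0xA7 for b in SAMPLE_PLAIN)

if __name__ == "__main__":
    print(single_byte_xor_key(SAMPLE_BLOB))
```

A hit from `triage` is a lead for further analysis, not a verdict: legitimate software also creates hidden system files, and the text heuristic is tuned for English-like content.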

Writing Ransomware 

Pushing the boundaries further, Tenable asked DeepSeek about writing a basic ransomware sample. Despite initial hesitation, DeepSeek started the reasoning process behind the steps required to encrypt victim files, indicating a capability to walk users through creating harmful malware — again, despite surface-level guardrails.  

“As part of its CoT, DeepSeek was able to identify potential issues when planning the development of this simple ransomware, such as file permissions, handling large files, performance, and anti-debugging techniques. Additionally, DeepSeek was able to identify some potential challenges in implementation, including the need for testing and debugging,” the report said. 

The researchers did say that every sample DeepSeek produced needed to be manually edited in order to compile, but they were able to get a few of them working.

“Writing a ransomware in C++ is a complex task that requires knowledge of cryptography, file handling, randomness generation, and secure key management. While this example gives a high-level overview of the necessary steps, implementing it correctly would involve more detailed planning and coding. Additionally, there are legal and ethical implications to consider before attempting such a project,” DeepSeek finally said. 

A Growing Concern 

The Tenable Research findings illustrate a concerning shift in the cybercrime ecosystem. Open-source LLMs like DeepSeek represent a new frontier for malware generation, and guardrails on mainstream AI tools may be meaningless when freely available alternatives can be easily manipulated.  

Bad actors no longer need to rely on expensive, custom LLMs like WormGPT when powerful open-source models are accessible. 

Casey Ellis, Founder at Bugcrowd, says Tenable’s analysis of DeepSeek highlights a growing concern in the intersection of AI and cybersecurity: the dual-use nature of generative AI. “While the AI-generated malware, in this case, required manual intervention to function, the fact that these systems can produce even semi-functional malicious code is a clear signal that security teams need to adapt their strategies to account for this emerging threat vector.” 

Mitigating the GenAI Risks 

J Stephen Kowski, Field CTO at SlashNext, says to combat AI-generated malware, security teams need to implement advanced behavioral analytics that can detect unusual patterns in code execution and network traffic. Real-time threat detection systems powered by AI can identify and block suspicious activities before they cause damage, even when the malware is sophisticated or previously unknown. Multi-factor authentication, strong password policies, and zero-trust architecture are essential defenses that significantly reduce the risk of AI-powered attacks succeeding, regardless of how convincing they appear. 

Ellis adds that just as threat actors are using AI to enhance their capabilities, defenders can leverage AI to detect and respond to threats more effectively. AI-driven tools can analyze vast amounts of data to identify subtle indicators of compromise, automate routine tasks, and even predict potential attack vectors based on emerging trends.    

GenAI systems like DeepSeek can be tricked into producing harmful outputs through techniques like jailbreaking, so entities should implement robust guardrails in their AI systems to prevent misuse, including input validation, ethical use policies, and continuous monitoring for abuse, explains Ellis. Additionally, educating developers and users about the risks and limitations of generative AI is critical to reducing the likelihood of accidental or intentional misuse.  

“The other thing to keep in mind is that this is a rapidly evolving space. Threat actors are experimenting with AI, and while the current outputs may be imperfect, it’s only a matter of time before these tools become more sophisticated. Security teams need to stay ahead of the curve by fostering collaboration between researchers, industry, and policymakers to address these challenges proactively,” Ellis adds.

Criminals will Criminal 

Trey Ford, Chief Information Security Officer at Bugcrowd, says: “Criminals are going to criminal – and they’re going to use every tool and technique available. GenAI-assisted development is going to enable a new generation of developers – for altruistic and malicious efforts alike.” 

As a reminder, Ford says the EDR market is explicitly endpoint detection and response—they’re not intended to disrupt all attacks. “Ultimately, we need to do what we can to drive up the cost of these campaigns by making endpoints harder to exploit – pointedly they need to be hardened to CIS 1 or 2 benchmarks.” 
