
DeepSeek AI Models at Risk of Jailbreaking


Security researchers have discovered critical vulnerabilities in the artificial intelligence models developed by Chinese company DeepSeek, specifically in its R1 reasoning application. The flaws, identified by Palo Alto’s Unit 42, Kela, and Enkrypt AI, include susceptibility to jailbreaking and hallucinations in DeepSeek’s R1 and V3 models. Additionally, cybersecurity firm Wiz revealed that DeepSeek had exposed a real-time data processing database to the internet, allowing researchers to access chat history and backend data.

The security concerns come amid investigations by Microsoft and OpenAI into allegations that DeepSeek may have developed the R1 model using data obtained from an OpenAI API. The flaws identified by the security firms include the ability to jailbreak the V3 and R1 models using techniques such as “Deceptive Delight,” “Bad Likert Judge,” and “Crescendo.” Jailbreaking involves tricking the AI models into performing tasks that their developers have restricted, potentially leading to malicious activities such as keylogger creation and data exfiltration.

Enkrypt AI’s research found that the R1 model is highly vulnerable to generating harmful content, including content that poses chemical and biological threats, racially discriminatory outcomes, and data extraction from prompts. Meanwhile, Kela researchers discovered that when prompted to generate information on OpenAI employees, the R1 model produced fictitious details, highlighting potential security and privacy concerns.

Security experts have raised alarms about the broader risks associated with the use of open-source AI models by nation-states and other threat actors. Jake Williams, from Hunter Strategy, emphasized the challenges of auditing open-source AI models compared to open-source code, highlighting the need for organizations to secure their AI environments promptly. Roei Sherman, from Mitiga, advised organizations to monitor their cloud environments, enhance AI-driven detection and response capabilities, and conduct regular adversarial simulations to mitigate potential risks.

The release of DeepSeek’s vulnerable AI models underscores the growing trend of adversaries leveraging AI in their attack methodologies. Models like DeepSeek have the potential to enhance adversary capabilities through automated social engineering, advanced reconnaissance, and exploit development. As organizations increasingly rely on AI technologies, securing these environments against emerging threats will be crucial to safeguarding sensitive data and mitigating cybersecurity risks.
