Towards Secure AI Week 4 – DeepSeek’s AI Security Failures

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

Wiz, January 29, 2025

A recent security lapse in AI infrastructure has underscored the critical need for stronger protections in artificial intelligence systems. Wiz Research uncovered an unprotected ClickHouse database belonging to DeepSeek, a Chinese AI startup known for its advanced models. This exposed database, which lacked authentication measures, contained over a million log entries, including user chat histories, API keys, and backend operational details. Even more concerning, it allowed unauthorized users to gain full control over database operations, creating opportunities for privilege escalation and unauthorized data manipulation. Such vulnerabilities threaten both user privacy and the overall integrity of AI platforms, reinforcing the urgent need for stringent security measures in AI development.

This incident serves as a stark reminder that as AI technologies evolve rapidly, so do the associated security risks. DeepSeek responded swiftly to Wiz Research’s alert by securing the database, but the event highlights a broader industry challenge: the need for proactive cybersecurity strategies in AI systems. Organizations deploying AI must implement robust security protocols, conduct regular vulnerability assessments, and establish rapid incident response mechanisms to prevent data leaks and unauthorized access. As AI becomes more embedded in daily applications, prioritizing security and safety will be essential to maintaining trust and ensuring the responsible development of these powerful technologies.

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot

Wired, January 31, 2025

Recent evaluations have revealed significant security vulnerabilities in DeepSeek’s latest AI model, R1. Analysis by Adversa AI, a company specializing in AI security, corroborated these findings. Their research demonstrated that R1 is susceptible to a variety of jailbreaking techniques, ranging from simple linguistic manipulations to more complex AI-generated prompts. This susceptibility underscores the critical need for robust security protocols in AI development. As AI systems become increasingly integrated into various applications, ensuring their safety and resilience against such vulnerabilities is paramount.

This indicates that DeepSeek’s safety measures are currently inadequate compared to industry standards. 

Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek

Unit42, January 30, 2025

Recent analyses have highlighted significant security vulnerabilities in DeepSeek’s AI models, particularly concerning their susceptibility to jailbreaking techniques. Unit 42 researchers identified two novel methods, termed “Deceptive Delight” and “Bad Likert Judge,” which effectively bypass the safety protocols of large language models (LLMs). When tested against DeepSeek’s models, these techniques, along with a multi-turn approach called “Crescendo,” achieved high success rates in circumventing content restrictions. 

The “Deceptive Delight” method involves embedding harmful topics within benign ones, presented in a positive context, leading the AI to generate unsafe content inadvertently. “Bad Likert Judge” manipulates the AI by using Likert scales to elicit harmful responses. These findings underscore the critical need for robust security measures in AI development. As AI systems become more integrated into various applications, ensuring their resilience against such vulnerabilities is paramount to maintain user safety and trust.

Subscribe for updates

Stay up to date with what is happening! Get a first look at news, noteworthy research and worst attacks on AI delivered right in your inbox.