Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The ‘beige Amazon influencer’ lawsuit is headed for dismissal

    May 29, 2025

    Netflix’s series about the FTX fiasco has found its leading effective altruists

    May 29, 2025

    Elon Musk sure does want everyone to think he’s leaving politics

    May 29, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot
    Business

    DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot

    News RoomBy News RoomFebruary 3, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    “Jailbreaks persist simply because eliminating them entirely is nearly impossible—just like buffer overflow vulnerabilities in software (which have existed for over 40 years) or SQL injection flaws in web applications (which have plagued security teams for more than two decades),” Alex Polyakov, the CEO of security firm Adversa AI, told WIRED in an email.

    Cisco’s Sampath argues that as companies use more types of AI in their applications, the risks are amplified. “It starts to become a big deal when you start putting these models into important complex systems and those jailbreaks suddenly result in downstream things that increases liability, increases business risk, increases all kinds of issues for enterprises,” Sampath says.

    The Cisco researchers drew their 50 randomly selected prompts to test DeepSeek’s R1 from a well-known library of standardized evaluation prompts known as HarmBench. They tested prompts from six HarmBench categories, including general harm, cybercrime, misinformation, and illegal activities. They probed the model running locally on machines rather than through DeepSeek’s website or app, which send data to China.

    Beyond this, the researchers say they have also seen some potentially concerning results from testing R1 with more involved, non-linguistic attacks using things like Cyrillic characters and tailored scripts to attempt to achieve code execution. But for their initial tests, Sampath says, his team wanted to focus on findings that stemmed from a generally recognized benchmark.

    Cisco also included comparisons of R1’s performance against HarmBench prompts with the performance of other models. And some, like Meta’s Llama 3.1, faltered almost as severely as DeepSeek’s R1. But Sampath emphasizes that DeepSeek’s R1 is a specific reasoning model, which takes longer to generate answers but pulls upon more complex processes to try to produce better results. Therefore, Sampath argues, the best comparison is with OpenAI’s o1 reasoning model, which fared the best of all models tested. (Meta did not immediately respond to a request for comment).

    Polyakov, from Adversa AI, explains that DeepSeek appears to detect and reject some well-known jailbreak attacks, saying that “it seems that these responses are often just copied from OpenAI’s dataset.” However, Polyakov says that in his company’s tests of four different types of jailbreaks—from linguistic ones to code-based tricks—DeepSeek’s restrictions could easily be bypassed.

    “Every single method worked flawlessly,” Polyakov says. “What’s even more alarming is that these aren’t novel ‘zero-day’ jailbreaks—many have been publicly known for years,” he says, claiming he saw the model go into more depth with some instructions around psychedelics than he had seen any other model create.

    “DeepSeek is just another example of how every model can be broken—it’s just a matter of how much effort you put in. Some attacks might get patched, but the attack surface is infinite,” Polyakov adds. “If you’re not continuously red-teaming your AI, you’re already compromised.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleThe best TV deals to upgrade your setup ahead of the Super Bowl
    Next Article Can anyone stop President Musk?

    Related Posts

    Donald Trump’s Media Conglomerate Is Becoming a Bitcoin Reserve

    May 29, 2025

    Businesses Got Squeezed by Trump’s Tariffs. Now Some of Them Want Their Money Back

    May 28, 2025

    There’s a Very Simple Pattern to Elon Musk’s Broken Promises

    May 28, 2025

    Freedom of the Press Foundation Threatens Legal Action if Paramount Settles With Trump Over ’60 Minutes’ Interview

    May 27, 2025

    A Helicopter, Halibut, and ‘Y.M.C.A’: Inside Donald Trump’s Memecoin Dinner

    May 27, 2025

    Inside Anthropic’s First Developer Day, Where AI Agents Took Center Stage

    May 27, 2025
    Our Picks

    Netflix’s series about the FTX fiasco has found its leading effective altruists

    May 29, 2025

    Elon Musk sure does want everyone to think he’s leaving politics

    May 29, 2025

    Xbox co-founder J Allard is working on ‘breakthrough’ devices at Amazon

    May 29, 2025

    Donald Trump’s Media Conglomerate Is Becoming a Bitcoin Reserve

    May 29, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    AI could consume more power than Bitcoin by the end of 2025

    By News RoomMay 29, 2025

    AI could soon surpass Bitcoin mining in energy consumption, according to a new analysis that…

    YouTube will let you search for things you see in Shorts

    May 29, 2025

    Instagram isn’t just for square photos anymore

    May 29, 2025

    Insta360’s face-tracking Link webcams have hit their lowest prices yet

    May 29, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.