CyberSecurity news

FlagThis - #deepseek

Jibin Joseph@PCMag Middle East ai - 19d
DeepSeek AI's R1 model, a reasoning model praised for its detailed thought process, is now available on platforms like AWS and NVIDIA NIM. This increased accessibility allows users to build and scale generative AI applications with minimal infrastructure investment. Benchmarks have also revealed surprising performance metrics, with AMD’s Radeon RX 7900 XTX outperforming the RTX 4090 in certain DeepSeek benchmarks. The rise of DeepSeek has put the spotlight on reasoning models, which break questions down into individual steps, much like humans do.

Concerns surrounding DeepSeek have also emerged. The U.S. government is investigating whether DeepSeek smuggled restricted NVIDIA GPUs via Singapore to bypass export restrictions. A NewsGuard audit found that DeepSeek’s chatbot often advances Chinese government positions in response to prompts about Chinese, Russian, and Iranian false claims. Furthermore, security researchers discovered a "completely open" DeepSeek database that exposed user data and chat histories, raising privacy concerns. These issues have led to proposed legislation, such as the "No DeepSeek on Government Devices Act," reflecting growing worries about data security and potential misuse of the AI model.

Recommended read:
References :
  • aws.amazon.com: DeepSeek R1 models now available on AWS
  • www.pcguide.com: DeepSeek GPU benchmarks reveal AMD’s Radeon RX 7900 XTX outperforming the RTX 4090
  • www.tomshardware.com: U.S. investigates whether DeepSeek smuggled Nvidia AI GPUs via Singapore
  • www.wired.com: Article details challenges of testing and breaking DeepSeek's AI safety guardrails.
  • decodebuzzing.medium.com: Benchmarking ChatGPT, Qwen, and DeepSeek on Real-World AI Tasks
  • medium.com: The blog post emphasizes the use of DeepSeek-R1 in a Retrieval-Augmented Generation (RAG) chatbot. It underscores its comparability in performance to OpenAI's o1 model and its role in creating a chatbot capable of handling document uploads, information extraction, and generating context-aware responses.
  • www.aiwire.net: This article highlights the cost-effectiveness of DeepSeek's R1 model in training, noting its training on a significantly smaller cluster of older GPUs compared to leading models from OpenAI and others, which are known to have used far more extensive resources.
  • futurism.com: OpenAI CEO Sam Altman has since congratulated DeepSeek for its "impressive" R1 reasoning model and promised spooked investors that OpenAI would "deliver much better models."
  • AWS Machine Learning Blog: Protect your DeepSeek model deployments with Amazon Bedrock Guardrails
  • mobinetai.com: DeepSeek is a catastrophically broken model with non-existent, typical shoddy Chinese safety measures that take 60 seconds to dismantle.
  • AI Alignment Forum: Illusory Safety: Redteaming DeepSeek R1 and the Strongest Fine-Tunable Models of OpenAI, Anthropic, and Google
  • Pivot to AI: Of course DeepSeek lied about its training costs, as we had strongly suspected.
  • Unite.AI: Artificial Intelligence (AI) is no longer just a technological breakthrough but a battleground for global power, economic influence, and national security.
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • neuralmagic.com: Enhancing DeepSeek Models with MLA and FP8 Optimizations in vLLM
  • www.unite.ai: Blog post about DeepSeek and the global power shift.
  • cset.georgetown.edu: This article discusses DeepSeek and its impact on the US-China AI race.

David Gerard@Pivot to AI - 19d
DeepSeek AI is facing increasing scrutiny and controversy due to its capabilities and potential security risks. US lawmakers are pushing for a ban on DeepSeek on government-issued devices, citing concerns that the app transfers user data to a banned state-owned company, China Mobile. This action follows a study that revealed direct links between the app and the Chinese government-owned entity. Security researchers have also discovered hidden code within DeepSeek that transmits user data to China, raising alarms about potential CCP oversight and the compromise of sensitive information.

DeepSeek's capabilities, while impressive, have raised concerns about its potential for misuse. Security researchers found the model doesn't screen out malicious prompts and can provide instructions for harmful activities, including producing chemical weapons and planning terrorist attacks. Despite these concerns, DeepSeek is being used to perform "reasoning" tasks, such as coding, on alternative chips from Groq and Cerebras, with some tasks completed in as little as 1.5 seconds. These advancements challenge traditional assumptions about the resources required for advanced AI, highlighting both the potential and the risks associated with DeepSeek's capabilities.

Recommended read:
References :
  • PCMag Middle East ai: The No DeepSeek on Government Devices Act comes after a study found direct links between the app and state-owned China Mobile.
  • mobinetai.com: This article analyzes the DeepSeek AI model, its features, and the security risks associated with its low cost and advanced capabilities.
  • Pivot to AI: Of course DeepSeek lied about its training costs, as we had strongly suspected.
  • AI News: US lawmakers are pushing for a DeepSeek ban after security researchers found the app transferring user data to a banned state-owned company.
  • mobinetai.com: Want to manufacture chemical weapons using household items, develop a self-replicating rootkit, write an essay on why Hiroshima victims deserved their fate, get a step-by-step guide to pressuring your coworker into sex, or plan a terrorist attack on an airport using a drone laden with home-made explosives (in any order)?
  • singularityhub.com: DeepSeek's AI completes "reasoning" tasks in a flash on alternative chips from Groq and Cerebras.
  • www.artificialintelligence-news.com: US lawmakers are pushing for a DeepSeek ban after security researchers found the app transferring user data to a banned state-owned company.
  • On my Om: DeepSeek, a company associated with High-Flyer, an $8 billion Chinese hedge fund, changed the AI narrative when it claimed OpenAI-like capabilities for a mere $6 million.
  • AI Alignment Forum: The article discusses the potential vulnerabilities and risks associated with advanced AI models, such as DeepSeek, in terms of their misuse. It emphasizes the need for robust safety mechanisms during development and deployment to prevent potential harm.
  • cset.georgetown.edu: This article explores the recent surge in generative AI models, highlighting the capabilities and concerns surrounding them, particularly DeepSeek. It examines the potential for misuse and the need for robust safety measures.
  • e-Discovery Team: An analysis of DeepSeek, a new Chinese AI model, highlights its capabilities but also its vulnerabilities, leading to a market crash. The article emphasizes the importance of robust security safeguards and ethical considerations surrounding AI development.
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • techhq.com: This article discusses the security and privacy issues found in the DeepSeek iOS mobile application, raising concerns about data transmission to servers in the US and China.
  • TechHQ: Discusses security standards for deepseek.
  • GZERO Media: Gzero reports about a potential US ban for DeepSeek
  • pub.towardsai.net: DeepSeek-R1 is a language model developed in China to enable sophisticated reasoning capabilities.
  • Analytics Vidhya: DeepSeek-R1 is a new AI model with strong reasoning capabilities.
  • medium.com: This article focuses on the ability of DeepSeek to handle sensitive topics and how it can be leveraged to detect censorship filters.
  • the-decoder.com: This article focuses on the potential capabilities of DeepSeek as an AI model, highlighting its potential to perform deep research and providing insights into the various capabilities.
  • Analytics Vidhya: DeepSeek is a new model capable of impressive logical reasoning, and it has been tested for its ability to create a large number of different types of code. This is a summary of the results.

@techcrunch.com - 28d
DeepSeek is rapidly becoming a major player in the AI field, attracting attention and concern from both US officials and established companies like OpenAI. There are allegations of DeepSeek circumventing US restrictions on advanced AI chip purchases. Reports indicate that the company obtained Nvidia chips through third-party transactions in Singapore, potentially violating export regulations. DeepSeek's growing influence is also evident in its AI model performance, which is now being used as a benchmark against which other models are being measured.

The competitive landscape is further complicated by the emergence of new AI models such as the Allen Institute for AI's Tulu 3 405B, an open-source model that claims to surpass DeepSeek V3 and even OpenAI's GPT-4o on specific benchmarks. Alongside this competition for AI superiority, there is discussion of how OpenAI might protect itself from competitors like DeepSeek, including the use of watermarks and other methods to protect its IP. The European contender Mistral AI is reportedly losing ground to its US counterparts, facing significant challenges from DeepSeek's rise, and may be losing market share and ARR to these other companies.

Recommended read:
References :
  • community.openai.com: Protect OpenAI from Deepseek
  • Bloomberg Technology: Sources: US officials are investigating whether DeepSeek bought advanced Nvidia chips from third parties in Singapore, circumventing US restrictions on AI chips
  • www.theguardian.com: Guardian article on OpenAI's response to the allegations.

@www.cnbc.com - 29d
DeepSeek AI, a rapidly growing Chinese AI startup, has suffered a significant data breach, exposing a database containing over one million log lines of sensitive information. Security researchers at Wiz discovered the exposed ClickHouse database was publicly accessible and unauthenticated, allowing full control over database operations without any defense mechanisms. The exposed data included user chat histories, secret API keys, backend details, and other highly sensitive operational metadata. This exposure allowed potential privilege escalation within the DeepSeek environment.

The Wiz research team identified the exposure through standard reconnaissance techniques on publicly accessible domains and by discovering unusual open ports linked to DeepSeek. The affected database was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. Researchers noted how easily the exposed data could be found and the potential for malicious actors to have accessed it. After being contacted by the security researchers, DeepSeek secured the database; however, it remains unclear whether unauthorized third parties were also able to access the information.

Recommended read:
References :
  • NewsGuard's Reality Check: NewsGuard: with news-related prompts, DeepSeek's chatbot repeated false claims 30% of the time and provided non-answers 53% of the time, giving an 83% fail rate (NewsGuard's Reality Check)
  • www.theregister.com: China's upgraded DeepSeek, which has rattled American AI makers, has limited new signups to its web-based interface
  • Pyrzout :vm:: Social.skynetcloud.site post about DeepSeek's database leak
  • www.wired.com: Wiz: DeepSeek left one of its critical databases exposed, leaking more than 1M records including system logs, user prompt submissions, and users' API keys (Wired)
  • ciso2ciso.com: Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek
  • The Hacker News: DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
  • Wiz Blog | RSS feed: Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
  • www.theverge.com: News about DeepSeek's data security breach.
  • www.wired.com: Wired article discussing DeepSeek's AI jailbreak.
  • arstechnica.com: Report: DeepSeek's chat histories and internal data were publicly exposed.

@www.ghacks.net - 18d
Recent security analyses have revealed that the iOS version of DeepSeek, a widely used AI chatbot developed by a Chinese company, transmits user data unencrypted to servers controlled by ByteDance. This practice exposes users to potential data interception and raises significant privacy concerns. The unencrypted data includes sensitive information such as organization identifiers, software development kit versions, operating system versions, and user-selected languages. Apple's App Transport Security (ATS), which is designed to enforce secure data transmission, has been globally disabled in the DeepSeek app, further compromising user data security.

Security experts from NowSecure recommend that organizations remove the DeepSeek iOS app from managed and personal devices to mitigate privacy and security risks, noting that the Android version of the app exhibits even less secure behavior. Several U.S. lawmakers are advocating for a ban on the DeepSeek app on government devices, citing concerns over potential data sharing with the Chinese government. This mirrors previous actions against other Chinese-developed apps due to national security considerations. New York State has already banned government employees from using the DeepSeek AI app amid these concerns.
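The "ATS globally disabled" finding above is something an app-vetting team can check for itself by reading an app's Info.plist. The following is an added example, not code from the article or from NowSecure; it parses a constructed Info.plist (not DeepSeek's real file) and reports the Apple-defined NSAppTransportSecurity keys that weaken ATS.

```python
"""Audit an iOS app's Info.plist for App Transport Security (ATS) opt-outs.

Added example; the sample plist below is constructed and is NOT the
DeepSeek app's actual Info.plist. The keys checked are Apple's documented
NSAppTransportSecurity keys.
"""
import plistlib

# Constructed sample: an app that disables ATS globally and also adds a
# per-domain cleartext exception.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.chatapp</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>example.net</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""


def audit_ats(plist_bytes: bytes) -> list:
    """Return findings describing how the app weakens ATS.

    An empty list means ATS is left at Apple's secure default (HTTPS only).
    """
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    # Global opt-out: every connection in the app may use cleartext HTTP.
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads=true: ATS disabled globally")
    # Narrower opt-outs that still permit cleartext on specific code paths.
    for key in ("NSAllowsArbitraryLoadsInWebContent",
                "NSAllowsArbitraryLoadsForMedia", "NSAllowsLocalNetworking"):
        if ats.get(key):
            findings.append(f"{key}=true")
    # Per-domain exceptions that allow plain HTTP to a named host.
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"insecure HTTP allowed for {domain}")
    return findings


if __name__ == "__main__":
    for finding in audit_ats(SAMPLE_PLIST):
        print("FINDING:", finding)
```

Run it against the Info.plist extracted from an .ipa (inside Payload/<App>.app/) to see which opt-outs an app ships with; an empty result means the default HTTPS-only policy is in force.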

Recommended read:
References :
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • PCMag Middle East ai: House Bill Proposes Ban on Using DeepSeek on Government-Issued Devices
  • Information Security Buzz: Recent security analyses have found that the iOS version of DeepSeek transmits user data unencrypted.
  • www.ghacks.net: Security analyses revealed unencrypted data transmission by DeepSeek's iOS app.
  • iHLS: Article about New York State banning the DeepSeek AI app.

@www.verdict.co.uk - 14d
OpenAI is shifting its strategy by integrating its o3 technology, rather than releasing it as a standalone AI model. CEO Sam Altman announced this change, stating that GPT-5 will be a comprehensive system incorporating o3, aiming to simplify OpenAI's product offerings. This decision follows the testing of advanced reasoning models, o3 and o3 mini, which were designed to tackle more complex tasks.

Altman emphasized the desire to make AI "just work" for users, acknowledging the complexity of the current model selection process. He expressed dissatisfaction with the 'model picker' feature and aims to return to "magic unified intelligence". The company plans to unify its AI models, eliminating the need for users to manually select which GPT model to use.

This integration strategy also includes the upcoming release of GPT-4.5, which Altman describes as their last non-chain-of-thought model. A key goal is to create AI systems capable of using all available tools and adapting their reasoning time based on the task at hand. While GPT-5 will be accessible on the free tier of ChatGPT with standard intelligence, paid subscriptions will offer a higher level of intelligence incorporating voice, search, and deep research capabilities.

Recommended read:
References :
  • www.verdict.co.uk: The Microsoft-backed AI company plans not to release o3 as an independent AI model.
  • sherwood.news: This article discusses OpenAI's 50 rules for AI model responses, emphasizing the loosening of restrictions and potential influence from the anti-DEI movement.
  • thezvi.substack.com: This article explores the controversial decision by OpenAI to loosen restrictions on its AI models.
  • thezvi.wordpress.com: This article details three recent events involving OpenAI, including the release of its 50 rules and the potential impact of the anti-DEI movement.
  • www.artificialintelligence-news.com: This blog post critically examines OpenAI's new AI model response rules.

Jibin Joseph@PCMag Middle East ai - 24d
The DeepSeek AI model is facing growing scrutiny over its security vulnerabilities and ethical implications, leading to government bans in Australia, South Korea, and Taiwan, as well as for NASA employees in the US. Cisco researchers found that DeepSeek fails to screen out malicious prompts, and Dario Amodei of Anthropic has expressed concern over its ability to provide bioweapons-related information.

DeepSeek's lack of adequate guardrails has enabled the model to generate instructions on creating chemical weapons, and even planning terrorist attacks. Furthermore, DeepSeek has been accused of misrepresenting its training costs, with SemiAnalysis estimating that the company invested over $500 million in Nvidia GPUs alone, despite export controls. There are claims the US is investigating whether DeepSeek is acquiring these GPUs through gray market sales via Singapore.

Recommended read:
References :
  • mobinetai.com: Reports on DeepSeek's vulnerabilities and its ability to generate instructions on creating chemical weapons, and a terrorist attack.
  • Pivot to AI: Details DeepSeek's issues: government bans, lack of guardrails, and cost misrepresentations.
  • PCMag Middle East ai: The No DeepSeek on Government Devices Act comes after a study found direct links between the app and state-owned China Mobile.
  • AI News: US lawmakers are pushing for a DeepSeek ban after security researchers found the app transferring user data to a banned state-owned company.
  • mobinetai.com: Article on DeepSeek's ability to generate instructions for harmful activities, including chemical weapons and terrorist attacks.
  • www.artificialintelligence-news.com: News article about DeepSeek's data transfer to a banned state-owned company and the security concerns that follow.