2025-02-07

DeepSeek has sent Silicon Valley into a panic by proving you could build powerful artificial intelligence (AI) on a shoestring budget. In some respects, it was too good to be true.

Recent testing has shown that DeepSeek’s AI models are more vulnerable to manipulation than those of its more expensive competitors from Silicon Valley. That challenges the entire David-versus-Goliath narrative on ‘democratized’ AI that has emerged from the company’s breakthrough.

The billions of dollars that OpenAI, Alphabet’s Google, Microsoft and others have spent on the infrastructure of their own models look less like corporate bloat, and more like a cost of pioneering the AI race and keeping the lead with more secure services. Businesses eager to try the cheap and cheerful AI tool need to think twice about diving in.

LatticeFlow AI, a Swiss software firm that measures how compliant AI models are with regulations, says that two versions of DeepSeek’s R1 model rank lowest among other leading systems when it comes to cybersecurity. It seems that when the Chinese company modified existing open-source models from Meta Platforms and Alibaba, known as Llama and Qwen, to make them more efficient, it may have broken some of those models’ key safety features in the process.

DeepSeek’s models were especially vulnerable to “goal hijacking” and prompt leakage, LatticeFlow said. Those terms refer to an AI being tricked into ignoring its safety guardrails and either revealing sensitive information or performing harmful actions it’s supposed to prevent. DeepSeek could not be reached for comment.

When a business plugs its systems into generative AI, it will typically take a base model from a company like DeepSeek or OpenAI and add some of its own data, prompts and logic—instructions that a business adds to an AI model, such as “don’t talk about the company’s $5 million budget cut from last year.”

But hackers could potentially get access to those sensitive orders, says Petar Tsankov, CEO of LatticeFlow AI.

Other security researchers have been probing DeepSeek’s models and finding vulnerabilities, particularly in getting the models to do things they’re not supposed to, like giving step-by-step instructions on how to build a bomb or hotwire a car, a process known as jailbreaking.

“[DeepSeek is] completely insecure against all jailbreak approaches, while the OpenAI and Anthropic reasoning models became much safer compared to their older, non-reasoning versions that we tested last year,” says Alex Polakov, CEO of Adversa AI, an Israeli AI security firm that tested DeepSeek models.

Tsankov says businesses keen to use DeepSeek anyway thanks to its low price can effectively put band-aids on the problem. One approach is to adapt DeepSeek’s model with additional training, a process that can cost hundreds of thousands of dollars. Another involves adding a whole new set of instructions ordering the model not to respond to attempts at stealing information. Papering over the cracks like this is cheaper, costing in the thousands, according to Tsankov.
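The prompt-leakage risk described above, and the cheap mitigations Tsankov outlines, can be complemented with an output-side check that the deploying business controls itself. The following Python is an added example, not code from LatticeFlow, DeepSeek or the article: it embeds a canary token in the confidential instructions and flags any model response that echoes the canary or reproduces most of a hidden rule. The rule texts, canary format and matching threshold are constructed for illustration.

```python
import re

# Constructed deployment rules, modelled on the article's example of a business
# layering its own instructions on top of a base model.
CONFIDENTIAL_RULES = [
    "Don't talk about the company's $5 million budget cut from last year.",
    "Never mention that the Q4 reorganization is still under discussion.",
]


def build_system_prompt(rules, canary):
    """Assemble the hidden system prompt with a canary token users never see.

    If the canary shows up in a response, the model has echoed its confidential
    instructions and the response can be blocked before it reaches the user.
    """
    body = "\n".join(f"- {rule}" for rule in rules)
    return f"Internal policy (ref {canary}):\n{body}"


def _tokens(text):
    # Lowercase; keep only letters, digits and '$' so punctuation differences
    # ("company's" vs "companys") cannot hide a copied sentence.
    return re.sub(r"[^a-z0-9$]+", " ", text.lower()).split()


def _ngrams(tokens, n=4):
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def check_for_prompt_leak(response, rules, canary, threshold=0.3):
    """Return (leaked, reason) for a model response.

    Signal 1: the canary token verbatim. Signal 2: for any single rule, the
    share of its word 4-grams also present in the response, which catches
    light paraphrases ("not to discuss a $5 million budget cut") that drop
    the canary. Legitimate answers share almost no 4-grams with the rules.
    """
    if canary in response:
        return True, "canary token echoed in response"
    resp_grams = _ngrams(_tokens(response))
    for rule in rules:
        rule_grams = _ngrams(_tokens(rule))
        share = len(rule_grams & resp_grams) / max(len(rule_grams), 1)
        if share >= threshold:
            return True, f"{share:.0%} of a hidden rule reproduced"
    return False, "no leak indicators"
```

In a real deployment the canary would be generated per tenant with `secrets.token_hex()` and the check run on every completion before it is returned to the user.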

When businesses want to use generative AI for low-stakes tasks, like summarizing data reports for internal use, these security issues might be a price worth paying. But more broadly, DeepSeek’s safety flaws might knock business confidence at a time of relatively slow progress in implementing AI.

Although some 50 large banks ramped up their use of GenAI in 2024 to around 300 applications, fewer than a quarter of the firms were able to report concrete data pointing to cost savings, efficiency gains or higher revenue, according to Evident Insights, a London-based research firm.

GenAI tools are undoubtedly clever and will be transformative. To paraphrase leading AI commentator Ethan Mollick, the dumbest AI tool you’ll ever use is the one you’re using right now. But implementing them into businesses has been fitful and slow, and part of the reason is security and compliance worries. Surveys of business leaders tend to find that between a third and half of them have security as a top concern for AI.

None of this invalidates DeepSeek’s achievements. The company has demonstrated that AI development can be done more cheaply—and because it has posted its blueprints on the internet, larger AI labs will likely replicate its results to make their own AI more efficient.

But ‘cheaper’ doesn't always mean ‘better’ when it comes to enterprise technology. Security infrastructure is expensive for a reason, and that offers the Silicon Valley giants a moment of vindication. Even in the open-source AI revolution, you get what you pay for. ©Bloomberg