From Forbes:
There’s a great deal of hype around a Chinese generative AI model called DeepSeek R1, which drove tech stocks to historic losses yesterday. That’s largely because it can perform on par with American models, but costs a fraction to train and operate. However, cybersecurity experts claim that it doesn’t have the same safeguards as its American counterparts and can be tricked into doing “evil” things.
Researchers at Kela, a cyber intelligence company, found they could replicate attacks that had previously been used with now-fixed OpenAI models on DeepSeek R1, getting the Chinese app to help them code ransomware and other kinds of malware. Describing the model as “highly vulnerable” and “easily bypassed,” Kela hackers found they could get DeepSeek to create malicious code designed to grab credit card data from specific browsers and send it to a remote server. They also found DeepSeek would suggest that users buy stolen data from specific underground markets and would provide tips on money laundering.