Date: 2025-02-07

The hype around DeepSeek overshadowed a bigger debate over Chinese AI that is only just beginning: Could models made in China make the US more vulnerable to cybersecurity attacks?

When DeepSeek released its most advanced AI model, called R1, last month, it was hailed for its advanced capabilities relative to its size, and was cheaper to run than many rivals made by big tech companies. And it’s open source, making it free for anyone to use.

At the same time, security experts were probing the model and finding fewer built-in protections meant to prevent the software from being misused. Palo Alto Networks said it found that R1 was particularly susceptible to three techniques aimed at “jailbreaking” attacks that essentially render AI models defenseless against anyone trying to control them.

Much of the concern has centered on DeepSeek’s mobile app, which shot to the top of the Apple App Store rankings and remained there for over a week. And while the app notably gathers large amounts of data about users and sends it to China, the risks it poses are more or less understood and out in the open.

What’s less known is whether the open-source model weights could pose risks even outside of the mobile app. Anyone can download them and, with a reasonably powerful consumer computer, run the model locally. What they do with it after that determines the potential risks. If the model never connects to the internet or the outside world, the risk is very low. If it’s granted access to data and given expanded capabilities, the possibility for problems increases.

Alex Stamos, the chief information security officer for SentinelOne — who held a similar post at Facebook — said the risks posed by the model weights are more theoretical, and would arise if companies eventually chose to expand the uses of AI models, giving them more power to control computer systems — what’s known as “agentic” AI.

“There will be future risks, for sure, because the way these models work are going to have to change for what people want,” he said.