Hackers Use DeepSeek R1 To Generate Malware And Steal Data

DeepSeek R1, China’s advanced AI model, has quickly gained recognition for its reasoning abilities, positioning it as a challenger to AI leaders like OpenAI. However, hackers from cybersecurity firm KELA demonstrated that DeepSeek R1 is not only “highly vulnerable” but also “easily bypassed.”

In a Rush? Here are the Quick Facts!

  • DeepSeek R1 was jailbroken by KELA to create malware and harmful content.
  • The model generated code to steal credit card data and distribute malware.
  • DeepSeek openly displays reasoning steps, increasing its vulnerability to exploitation.

KELA’s AI Red Team successfully jailbroke DeepSeek in various scenarios, exposing its potential for malicious misuse. One particular jailbreak, known as the “Evil Jailbreak,” has been used to bypass the safety mechanisms of other AI models in the past, and it was equally effective against DeepSeek R1.

KELA demonstrated that when prompted to generate malware, DeepSeek R1 provided detailed instructions on how to create and distribute infostealer malware that could steal sensitive data like passwords and credit card numbers.

The AI generated detailed instructions and code to extract sensitive financial data and transmit it to remote servers. It also recommended underground marketplaces for trading stolen information.

KELA also reported that the AI suggested methods for distributing the malware and explicitly mentioned platforms like Genesis for trading compromised credentials.

DeepSeek’s vulnerabilities extend beyond malware. The model produced step-by-step guides for creating explosives, toxins, and untraceable weapons. It also fabricated private information, such as alleged details about OpenAI employees, including names, emails, and salaries—despite no credible source supporting these claims.

Unlike competitors like OpenAI’s GPT-4, which hides reasoning steps during sensitive queries, DeepSeek openly displays its thought processes. This transparency, intended to enhance user understanding, has also made it easier for hackers to exploit its weaknesses, the researchers say.

At the time of publication, DeepSeek had not responded to Forbes’ request for comment.
