Chinese AI platform DeepSeek faced a “large-scale” cyberattack

Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack.

DeepSeek has designed a new AI platform that quickly gained attention over the past week primarily due to its significant advancements in artificial intelligence and its impactful applications across various industries. 

DeepSeek’s AI model is highly appreciated due to its exceptional performance, low costs, versatility across various industries, and innovative architecture that enhances learning and decision-making.

The company unveiled a new model that triggered a sharp downturn in the US stock market as the race to dominate the AI industry intensified.

The DeepSeek’s AI Assistant app is one of the most downloaded apps in different countries on the Apple App Store. However, the company announced that they were forced to disable registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack.

“Due to large-scale malicious attacks on DeepSeek’s services, we are temporarily limiting registrations to ensure continued service. Existing users can log in as usual. Thanks for your understanding and support.” reads a statement published by the company on its status page.

The AI company did not share details about the attack or its origin, however likely the platform was targeted by a massive DDoS attack.

The company announced that is still investigating the issue.

The DeepSeek’s AI assistant surpassed ChatGPT as the top app on Apple’s App Store on Monday, and a growing number of users and researchers are interested in testing the app.

Researchers from threat intelligence firm KELA confirmed the similarities between DeepSeek R1 and ChatGPT, but pointed out that the former is significantly more vulnerable. 

Today, cybersecurity firm KELA reported that it was able to jailbreak the model to produce malicious outputs. KELA’s AI Red Team successfully bypassed the model’s safeguards, prompting it to generate malicious outputs, including ransomware code, sensitive content fabrication, and instructions for creating toxins and explosives.

While technical issues are common with AI assistants immediately after their launch, experts warn that DeepSeek, being a Chinese company, operates under laws requiring data sharing with authorities.

“KELA’s tests suggest that organizations should exercise caution before adopting DeepSeek, despite its accessibility and affordability. As a Chinese AI company, DeepSeek operates under Chinese laws that mandate data sharing with authorities. Additionally, the company reserves the right to use user inputs and outputs for service improvement, without providing users a clear opt-out option. Furthermore, as demonstrated by the tests, the model’s impressive capabilities do not ensure robust safety, vulnerabilities are evident in various scenarios.” concludes the report. “Organizations prioritizing strong privacy protections and security controls should carefully evaluate AI risks, before adopting public GenAI applications.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, AI platform)