When DeepSeek unveiled its R1 model, the AI industry reeled as the company claimed it had developed an AI model that's on par with OpenAI's most sophisticated model, but for a fraction of the cost.

But now that the AI model has been out for some time, security researchers have been playing around with it and comparing it against the competition. In one set of tests, researchers from the University of Pennsylvania and hardware conglomerate Cisco pitted DeepSeek's AI against some "malicious" prompts, which are designed to bypass the AI guidelines meant to prevent users from acquiring knowledge on how to, for example, make a bomb, generate misinformation, or conduct cybercrime activities.
Bypassing the regulatory guidelines of a device is typically called "jailbreaking," and in the instance of DeepSeek's AI, the researchers found it "failed to block a single harmful prompt." The R1 model was pitted against "50 random prompts from the HarmBench dataset," and the researchers were surprised to achieve a "100 percent attack success rate." According to the blog post, the researchers say the R1 model's test results contrast starkly with those of other established AI models from OpenAI, Google, and Microsoft.
"A hundred percent of the attacks succeeded, which tells you that there's a trade-off. Yes, it might have been cheaper to build something here, but the investment has perhaps not gone into thinking through what types of safety and security things you need to put inside of the model," DJ Sampath, the VP of product, AI software and platform at Cisco, told WIRED.
"Every single method worked flawlessly. What's even more alarming is that these aren't novel 'zero-day' jailbreaks - many have been publicly known for years," said Alex Polyakov, the CEO of security firm Adversa AI, in an email to WIRED.