New Chinese AI platform DeepSeek attacked shortly after launch

One day after launching, the new China-based AI platform DeepSeek was forced to disable registrations for its chat platform due to a large-scale distributed denial of service (DDoS) attack on its infrastructure. Users who previously signed up for an account can continue to log in and use the platform.

So far, no threat actor has taken credit for the attack, leading some cybersecurity researchers to believe it may have been launched by, or on behalf of, a competitor.

Stay on top of emerging threats.

Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities. 

Sign up

DeepSeek launched its new AI platform on January 27 with much fanfare due to its claim of matching or outperforming similar platforms, like ChatGPT and Grok, at significantly lower costs. As a result, the U.S. stock market saw a massive sell-off of existing AI-related stocks.

Cybersecurity researchers were quick to test out the new platform and found they could jailbreak it to produce malicious outputs such as recipes for toxins and explosives, code for ransomware, and the fabrication of sensitive content.

For the most part, Western-built AI platforms have safeguards to prevent this type of output from being generated.

Source: Bleeping Computer

Analysis

DeepSeek’s origins lead to some serious privacy concerns for its users. For instance, Chinese companies are subject to the Cybersecurity Law of the People’s Republic of China which requires them to cooperate with Chinese intelligence services and law enforcement by providing access to data and other information upon request.

Thus, it’s probable that these agencies can easily access DeepSeek’s data, giving them access to user information, like their name, email, IP address etc., as well as the contents of the interactions the user has had with the platform.

Additionally, this isn't the first time a Chinese-based company claims to outperform a Western counterpart without real proof. Organizations should approach such tools with skepticism. As the old adage goes, "You get what you pay for"—investing in unproven alternatives can result in subpar results and potentially compromise the quality and integrity of an organization’s cybersecurity.

Mitigation

Field Effect’s Security Intelligence team constantly monitors the cyber threat landscape for threats emerging from the use of AI platforms such as DeepSeek. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the risk these threats pose.

Field Effect MDR users are automatically notified when various types of malicious activities are detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Having a firewall will usually not stop the high volume of traffic generated during a DDoS attack the scale of those conducted against DeepSeek. To properly mitigate this risk, organizations should deploy specific DDoS prevention solutions that are designed to counter various types and volumes of DDoS attacks.  

Related Articles

• Former Google engineer caught stealing company's AI secrets
• The Brass Tacks of AI and Cybersecurity - Part 1 of 3 - Offense
• AI and cybersecurity: It doesn’t change the fundamentals