{"id":333700,"date":"2025-01-30T17:09:23","date_gmt":"2025-01-31T01:09:23","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=333700"},"modified":"2025-02-04T13:00:40","modified_gmt":"2025-02-04T21:00:40","slug":"deepseek-rise-shows-ai-security-remains-moving-target","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2025\/01\/deepseek-rise-shows-ai-security-remains-moving-target\/","title":{"rendered":"DeepSeek\u2019s Rise Shows AI Security Remains a Moving Target"},"content":{"rendered":"

If you\u2019ve been following tech news in the last few days, you\u2019ve heard of DeepSeek<\/a>. This large language model (LLM) is threatening to disrupt current AI market leaders and fundamentally change the economics of AI-powered applications.<\/p>\n

Released by a 200-person Chinese startup, the model appears as capable as state-of-the-art tools offered by OpenAI and Google with the benefit of being significantly faster and less expensive to run. What\u2019s more, DeepSeek has been released to open source and is lightweight enough to run on commodity hardware \u2013 any developer can start tinkering with it without having to access costly GPUs. DeepSeek has been heralded as a \u201cSputnik moment\u201d for AI<\/a> and has sent shockwaves through financial markets.<\/p>\n

Palo Alto Networks Unit 42 also uncovered concerning vulnerabilities in DeepSeek<\/a>, revealing that it can be easily jailbroken to produce nefarious content with little to no specialized knowledge or expertise. Unit 42 researchers recently uncovered two novel and effective jailbreaking techniques, Deceptive Delight<\/a> and Bad Likert Judge<\/a>. Given their success against other LLMs, Unit 42 tested these two jailbreaks and another multistage jailbreaking<\/a> technique, called Crescendo<\/a>, against DeepSeek models, finding high rates in bypassing safeguards. These techniques enabled explicit guidance on malicious activities, including keylogger creation, data exfiltration and even instructions for incendiary devices, demonstrating the tangible security risks.<\/p>\n

<\/a>What Does All This Mean for Security Leaders Like You?<\/h2>\n

Every organization will have its policies about new AI models. Some will ban them completely; others will allow limited, experimental and heavily guardrailed use. Still others will rush to deploy it in production, looking to eke out that extra bit of performance and cost optimization.<\/p>\n

But beyond your organization\u2019s need to decide on a new specific model, DeepSeek\u2019s rise offers several lessons about AI security in 2025. AI\u2019s pace of change, and the surrounding sense of urgency, can\u2019t be compared to other technologies. How can you plan ahead when a somewhat obscure model (and the more than 500 derivatives already available on Hugging Face) becomes the number-one priority seemingly out of nowhere?<\/p>\n

The short answer: you can\u2019t. AI security remains a moving target and is going to stay that way for a while. And things are changing quickly. DeepSeek isn\u2019t going to be the last model that catches the world by surprise. It will take time before AI technologies are fully understood and clear leaders emerge. Until then, you have no choice but to expect the unexpected.<\/p>\n

Organizations can switch LLMs at little to no cost, which allows development teams to move quickly. Replacing software that relies on OpenAI, Google or Anthropic\u2019s models with DeepSeek (or whatever model comes out tomorrow) usually requires updating just a few lines of code. The temptation for product builders to test the new model to see if it can solve a cost issue or latency bottleneck or outperform on a specific task is huge. And if the model turns out to be the missing piece that helps bring a potentially game-changing product to market, you don\u2019t want to be the one who stands in the way.<\/p>\n

<\/a>Secure AI by Design<\/h2>\n

While it can be challenging to guarantee complete protection against all adversarial techniques for a specific LLM, organizations can implement security measures that can help monitor when and how employees are using LLMs. This becomes crucial when employees are using unauthorized third-party LLMs. That\u2019s the goal we had in mind when we rolled out<\/a> our Secure AI by Design<\/a> portfolio last year. It was all about empowering organizations to allow their employees to safely adopt AI tools and deploy enterprise AI applications.<\/p>\n

To do this, we developed AI Access Security<\/a> to empower our customers to enable secure use of third party AI tools by employees:<\/p>\n