Recently, DeepSeek attracted global attention and triggered worldwide discussion with its advanced AI models. At the same time, it has become a target of hackers and has suffered frequent attacks. As the capabilities of AI large models keep improving, frequent security incidents and growing risks expose users to greater threats. This post uses the NSFOCUS Large Model Security Assessment System (hereinafter referred to as “NSFOCUS AI-Scan”) to discuss the potential security hazards of AI large models and the strategies for coping with them.
NSFOCUS AI-Scan is committed to embedding security assurance into the whole process of AI application development. It comprehensively covers data security, content security, confrontation security, application security, AI supply chain security, and model backdoor attack risks of large models, ensuring that large models are subject to strict security monitoring and risk assessment at all stages of development and deployment. Since its release, NSFOCUS AI-Scan has received extensive attention from many industries and is now compatible with more than 130 large models. This document will demonstrate the capabilities of NSFOCUS AI-Scan in identifying security risks through risk assessment examples of relevant DeepSeek models.
NSFOCUS AI-Scan Evaluation of Large Model Defense Capability
Data breach and privacy invasion
Large model training relies on massive data sets, which may contain sensitive content such as users' personal information and trade secrets. Inadequate protection during data collection, storage or processing may lead to data leakage, which in turn puts personal property and privacy at risk and can cause reputational and operational crises for the enterprise.
NSFOCUS AI-Scan can accurately identify sensitive data risks in large models, including disclosure of sensitive information, intellectual property and prompts. It comprehensively protects the compliance, security and privacy of data, and helps prevent enterprises from suffering economic losses and reputational damage due to data security issues.
Content compliance
The large amount of Internet data used in the training stage may lead a large model to generate content that violates social ethics or carries legal risk, such as prejudiced and discriminatory speech, harmful speech, offensive speech or false information. Such output may mislead users into improper behavior and spread rumors and fake news, bringing a series of adverse effects.
NSFOCUS AI-Scan provides comprehensive content review for large models in terms of content compliance, including biased and discriminatory content, violent and terrorist content, induced improper speech, false information and model hallucination, to ensure that the output of large models abides by legal norms and social ethics standards.
Application security
Large models are widely used in scenarios such as smart customer service, content creation, medical assistance and financial analysis, which demand high-quality basic capabilities. To meet that demand, external Agent capabilities such as file import and a Python interpreter are introduced. However, if the application does not strictly verify and filter the input data, it is prone to injection attacks, such as code execution injection and XSS session content hijacking. Attackers can exploit these vulnerabilities to force the model to execute malicious code, resulting in data leakage and even allowing the attacker to control the server or steal system permissions. For example, an intelligent code assistant application suffered an injection attack through its external Agent capabilities, resulting in leakage of user dialogue and sensitive data.
NSFOCUS AI-Scan can assess the security risks that external Agent capabilities may introduce into AI large model applications, including code execution injection, XSS session content hijacking and adversarial encoding attacks. These attacks may bypass the model's security mechanism and cause risk events.
Model adversarial attack security
In the field of cybersecurity, adversarial attacks have always been a focus of attention, and large models face this threat as well. In particular, jailbreak attacks are a threat specific to large language models. Through carefully designed prompts or inductive inputs, attackers make the model output sensitive data, such as training data and private information, or perform operations such as generating phishing emails and malicious code. For example, in the classic “Grandma Jailbreak” vulnerability, an attacker only needs to ask ChatGPT to assume the role of a grandmother and then make unreasonable requests; in this role, ChatGPT may break through its security restrictions to satisfy them. Such adversarial techniques keep emerging, and the security challenges are becoming more severe.
NSFOCUS AI-Scan has conducted in-depth research on the adversarial attack methods used against large models, covering multiple dimensions, including interference at the instruction layer, token layer and context layer, to comprehensively identify risks. There are 4 major types and 13 sub-types of risks, including model jailbreak attack, role escape, model inversion attack, and function abuse and manipulation. Based on the above four risk dimensions, NSFOCUS AI-Scan has conducted a detailed assessment of the Llama-based models in the DeepSeek series. The following are the scanning analysis and comparison results for the Llama3.3-70B model before and after DeepSeek-R1 distillation, across five dimensions.
The comparison shows that the Llama3.3-70B model distilled by DeepSeek-R1 has significantly improved resistance to security risks (such as sensitive data leakage, application security, model adversarial attacks and basic capabilities), indicating that the distillation enhances the model's security protection while maintaining its compliance baseline.
In addition, the traditional security problems of large models, such as supply chain component security risks and model backdoor attacks, are becoming increasingly prominent, and frequent security incidents have attracted wide attention. NSFOCUS AI-Scan provides corresponding assessment capabilities for these issues to help identify and respond to related risks in a timely manner.
Supply chain component security
As large model business diversifies, a large number of components are introduced during training, deployment and application, and open source platforms such as Hugging Face provide high-quality models, data sets and AI application hosting services, which greatly lowers the threshold for using AI technology. However, the open source nature of these components also makes them an attractive target for attackers, and their vulnerabilities can be exploited to launch malicious attacks.
NSFOCUS AI-Scan provides component vulnerability risk detection for the AI supply chain and component vulnerability monitoring covering the full lifecycle of large model applications. It covers key application dimensions such as data processing, data access, model training, and deployment. It also supports synchronous detection of security vulnerabilities in model bases.
Model backdoor attack risk
With the widespread open sourcing and distribution of pre-trained large models, platforms such as Huggingface and ModelScope have become important channels for developers to obtain and use models. Attackers may exploit the credibility and openness of these platforms to implant malicious instructions into backdoored models disguised as normal projects, and by distributing these models obtain access to high-value computing clusters, from which they launch subsequent attacks. To address this risk, NSFOCUS AI-Scan provides an MLOps-based backdoor scanning function that detects malicious embedded code and instructions in large models and comprehensively detects malicious bytecode in mainstream model file formats.
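The "malicious bytecode in model files" described above usually means pickle opcodes that import and call an arbitrary function when the checkpoint is loaded. The following scanner, added here as an illustration and not NSFOCUS AI-Scan's own code, walks the opcode stream with `pickletools` without ever unpickling, so nothing in the file runs; the deny list of modules and the two embedded sample pickles are constructed for this example.

```python
import pickle
import pickletools
import zipfile

# Illustrative deny list of modules that have no place in a weights file
# (assumption: the example's own list, not NSFOCUS AI-Scan's rules).
RISKY_MODULES = {"os", "posix", "nt", "subprocess", "sys", "builtins",
                 "socket", "shutil", "runpy", "importlib", "webbrowser"}
STRING_OPS = {"STRING", "SHORT_BINSTRING", "BINSTRING",
              "UNICODE", "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8"}

def scan_pickle_bytes(data: bytes) -> list[str]:
    """Walk the opcode stream with pickletools; nothing is unpickled or run.
    One finding per GLOBAL/STACK_GLOBAL import of a risky module and per
    REDUCE, the opcode that calls an imported object at load time."""
    findings, strings = [], []      # recent strings feed STACK_GLOBAL (proto 4)
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            continue
        if op.name == "GLOBAL":                 # proto 0-3 arg: "module name"
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            module, name = strings[-2], strings[-1]
        elif op.name == "REDUCE":
            findings.append(f"offset {pos}: REDUCE calls an imported object")
            continue
        else:
            continue
        if module.split(".")[0] in RISKY_MODULES:
            findings.append(f"offset {pos}: imports {module}.{name}")
    return findings

def scan_model_file(path: str) -> list[str]:
    """PyTorch .pt/.bin checkpoints are zip archives holding data.pkl;
    a plain .pkl checkpoint is a bare pickle stream."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            return [f"{m}: {f}" for m in zf.namelist() if m.endswith(".pkl")
                    for f in scan_pickle_bytes(zf.read(m))]
    with open(path, "rb") as fh:
        return scan_pickle_bytes(fh.read())

# Constructed samples: an ordinary weights dict, and a pickle whose load would
# import os.getcwd and call it (harmless, but the same shape as a backdoor).
BENIGN_SAMPLE = pickle.dumps({"layer0.weight": [0.1, 0.2, 0.3]}, protocol=4)
SUSPICIOUS_SAMPLE = b"cos\ngetcwd\n)R."
```

A clean checkpoint yields no findings, while any GLOBAL or REDUCE hit is reason to quarantine the file and prefer a non-executable format such as safetensors.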
Summary
The frequent occurrence of network security incidents reminds us that users and enterprises should continuously improve their security awareness and take the initiative in responding to challenges. NSFOCUS will continue to pay close attention to the security trends of AI large models, explore potential risks in depth, and provide a solid guarantee for the healthy development of AI technologies.
This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/hidden-dangers-of-security-threats-in-the-tide-of-deepseek/