DeepSeek: Revolutionary AI, Or The “Sputnik” Of Big Tech?

Brought to you by CYRIN


DeepSeek: Revolutionary AI, or the “Sputnik” of Big Tech?


The launch of DeepSeek’s R1 - a stunningly advanced open-sourced AI model from China has rocked the U.S. stock market, the tech market, and has ramifications for the cybersecurity market as well.

Origins Of DeepSeek

In late 2023, Liang Wenfeng, a 40-year-old former hedge fund manager with a degree in AI and a so-called “serial entrepreneur,” founded DeepSeek as a “side project,” after cofounding a wildly successful investment firm — High-Flyer - that used AI to devise trading strategies. As reported in Channel News Asia, under Wenfeng’s leadership, the company grew its assets more than tenfold over a four-year span - from 1 billion yuan (US$138 million) in 2016 to more than 10 billion yuan by 2019, according to official information provided. It also reportedly bought more than 10,000 Nvidia graphics processing units before U.S. AI chip sanctions on China kicked in. Currently, DeepSeek operates as an independent AI research lab under the umbrella of High-Flyer.

Technical Impact

DeepSeek’s R1 Large Language Model (LLM) looks to be a powerful tool that has not only outpaced expectations but appears to be built at a fraction of the cost when compared to other vendors and their development costs. DeepSeek is also providing its R1 models under an open-source license, enabling free use.

DeepSeek’s low-cost AI model grabbed everyone’s attention when it stated in a paper that training its DeepSeek-V3 model (DeepSeek-V3 is the default model, while R1 is a powerful reasoning model) required less than $6 million in computing power using the lower-capability Nvidia H800 chips. This could make it 20 to 50 times more affordable to use than OpenAI's o1 model, depending on the task, according to a post on DeepSeek's official WeChat account.

Even Sam Altman, CEO of OpenAI, speaking on X called “DeepSeek's r1 an impressive model, particularly around what they’re able to deliver for the price.”

Economic Impact

If DeepSeek is truly more cost effective to build and run than current models of U.S. origin, it would represent a seismic shift in the world of open AI technology. The launch of DeepSeek challenges the assumption that the U.S. will lead the way in AI as it did in the expansion of the internet and development of the personal computer. Just as the U.S. fell behind Russia in the Space Race, DeepSeek has companies and industries scrambling for strategies that will avoid a “Sputnik” situation in the world of AI and big tech.

Just prior to DeepSeek’s announcement, the U.S. announced its ambitious Stargate project, looking to invest $500 billion in developing U.S. AI infrastructure over the next four years.

On the other side of the globe, DeepSeek presents a stark contrast with its cost-effective approach. Despite its significantly smaller budget of just $5.6 million, DeepSeek has achieved comparable performance outputs to much larger and more expensive projects.

The impact was significant. “Within days of its release, the DeepSeek AI assistant - a mobile app that provides a chatbot interface for DeepSeek-R1 -  hit the top of Apple’s App Store chart, outranking OpenAI's ChatGPT mobile app.”

This shift rattled markets, driving down the stock prices of major US firms and forcing a reassessment of AI dominance. Nvidia, whose business depends on supplying high-performance processors, appears particularly vulnerable as DeepSeek’s cost-effective approach threatens to reduce demand for premium chips. On Jan. 27, “the Nasdaq Composite dropped by 3.4% at the market opening, with Nvidia declining by 17% (it has recovered in recent days but it’s still off its year-long high) and losing approximately $600 billion in market capitalization.”

How Was It Done With Less Money?

As DeepSeek engineers detailed in a research paper published just after Christmas, the startup used several technological tricks to significantly reduce the cost of building its system. These “tricks” included a method called “mixture of experts,” to significantly reduce the cost of building the technology.

Cyber Problems For Business?

DeepSeek has been heralded by many, but according to some reports, including recent testing as reported in Dark Reading, organizations might want to think twice before using the Chinese generative AI (GenAI) DeepSeek in business applications, after it failed a barrage of 6,400 security tests that demonstrate a widespread lack of guardrails in the model. That's according to researchers at AppSOC, who conducted rigorous testing on a version of the DeepSeek-R1 large language model. Their results showed the model failed in multiple critical areas, including succumbing to jailbreaking, prompt injection, malware generation, supply chain, and toxicity. Failure rates ranged between 19.2% and 98%. According to Mali Gorantla, co-founder and chief scientist at AppSOC, "For most enterprise applications, failure rates about 2% are considered unacceptable. Our recommendation would be to block usage of this model for any business-related AI use."

Security Week reported that DeepSeek experienced a massive cyberattack just as researchers have started finding vulnerabilities in the company’s R1 model. DeepSeek said its servers were compromised in a series of attacks that prevented new users from registering, although registered users were not impacted.

Sensitive Data In The Wild

For casual users, such as those downloading the DeepSeek app from app stores, the potential risks and harms remain high. Tests have shown that, compared to other U.S. AI models, it is relatively easy to bypass DeepSeek’s guardrails to write code to help hackers exfiltrate data, send phishing emails and optimize social engineering attacks, according to cybersecurity firm Palo Alto Networks. Other reports indicated that DeepSeek-R1 is four times more likely to “write malware and other insecure code than OpenAI's o1.”

A senior AI researcher from Cisco commented that DeepSeek’s low-cost development may have overlooked its safety and security during the process.

There is no question that DeepSeek marks a sea change in the race to lead the AI world, with U.S. companies scrambling to stay innovative and effective in this ever-changing landscape. No doubt cybersecurity will be a growing concern as DeepSeek is adopted and other open AI systems enter the competitive field.

CYRIN’s Capabilities

At CYRIN, we understand AI and its cybersecurity implications. We continue to work with our industry partners to address major challenges such as the use of new paradigms like AI and zero trust. We set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.

For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce, including being at the forefront of new and future uses of cybersecurity.

Unless you get the “hands-on” feel for the tools and attacks and train on these real-world scenarios, you just won’t be prepared for when the inevitable happens. The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, with no special software required.

Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself! 

Image: Ideogram

Watch CYRIN: The Next-Generation Cyber Range


Learn More About How CYRIN Online Training Can Benefit You


You Might Also Read: 

Salt Typhoon - The Chinese Telecom Hack:  


If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« TikTok Returns To US App Stores
British Agencies Target Russian Cyber Crime Network »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

CGI Group

CGI Group

CGI is a leading IT and business process services provider. Services include IT consulting, Systems Integration, Application Development, Infrastructure, Business Processes, Digital IP.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

Cybertonica

Cybertonica

Cybertonica is a FinTech company which detects and prevents fraudulent transactions and reduces risk for financial services organisations.

Identity Defined Security Alliance (IDSA)

Identity Defined Security Alliance (IDSA)

IDSA is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of education and information on identity-centric security strategies.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

Sphinx

Sphinx

Sphinx provide advanced security consulting services and cyber solutions to federal and private industry.

C5 Technology

C5 Technology

C5 Technology specialises in the provision of networking, security, and infrastructure services to enterprises and government agencies.

CodeShield

CodeShield

CodeShield is a SaaS that helps software developers and security teams secure IAM in the public cloud. With us, you detect IAM privilege escalations easily and achieve least privilege.