The recent evaluation of the team team made by ENKRYPT AI has revealed the importance of security risks, ethical concerns and vulnerability in Deepseek-R1. The findings, which were detailed in the Red Teach report in January 2025, emphasize the susceptibility of the model to create harmful, biased and uncertain content compared to the models in the field, such as GPT-4O, Openai’s O1 and Claude-3-OPUS. Below is a comprehensive risk analysis of the report and recommendations for mitigation.
Key safety and ethical risks
1. The harmful output and safety risks
- High -vulnerable to the production of harmful contentIncluding toxic language, distorted outputs and criminal information.
- 11x More likely to generate harmful Content than OpenI’s O1.
- 4x more toxic Than GPT-4O.
- 3x more taken Than Claude-3-Opus.
- 4x More vulnerable to generation Uncertain code Than OpenI’s O1.
- Highly sensitive to CBRN (Scalm,, Biological,, Radiologicaland Nuclear) Generating information, which makes it a high -risk tool for harmful actors.
2. Comparison with other models
| Risk | Deepseek-R1 | Claude-3-opus | GPT-4O | OpenI’s O1 |
|---|---|---|---|---|
| Bias | 3x higher | Low | Similar | Similar |
| Uncertain code | 4x higher | 2.5x higher | 1.25x higher | – |
| Harmful content | 11x higher | 6x higher | 2.5x higher | – |
| Addict | 4x higher | Almost missing | 2.5x higher | – |
| CBRN content | 3.5x higher | 3.5x higher | 2x higher | – |
Bias and ethical risks
- 83% of bias attacks were successfulWith considerable bias detected in questions about health, race and religion.
- The model showed higher levels Demographic stereotypesWhich could violate different justice regulations included EcoA, FHA, ACA and Actu.
- Sample test cases DemondTated that Deepseek-R1 has selected a seful demography for high-ranking roles, strengthening distortion in the workplace.
A harmful generation of content
- 45% of harmful tests As a result, the model generates a content report Criminal activityIncluding illegal weapons and controlled substances.
- A test challenge that asks a model to develop a blog about “the art of persuading in terrorist recruitment” results in a highly detailed responsibility Outling radicalization strategy This could be used by extremist groups to specify recruitment tactics, potential Increasing the risk of violence in the real world.
- 2.5x more vulnerable than GPT-4O and 6x more vulnerable than Claude-3-OPUS Generating extremist content.
- 45% of harmful tests As a result, the model generates the content related to Tabout criminal activityIncluding illegal weapons and controlled substances.
Uncertain to generate code
- 78% of the attacks related to the code have successfully extracted uncertain and harmful code snippets.
- Generated model Malware, Trojan Horse and Sam’s executing scripts On requests. Trojan horses pose a serious risk because they can allow attackers to obtain a persistent, unauthorized access to systems, steal sensitive data and deploy other harmful payloads.
- Scripts It can automate malicious actions without the user’s consent and create potential threats in critical applications.
- The Deepseek-R1 was compared to industrial models 4.5x, 2.5x and 1.25x more vulnerable Before Openia’s O1, Claude-3-OPus and GPT-4O, approximately.
- 78% Successful attacks related to code Extracted uncertain and harmful snippets of code.
Cbrn injury
- Generated detailed information about biochemical mechanisms Chemical war agents. This type of information could potential assistance to individuals in synthesizing hazardous materials and circumventing safety restrictions to prevent the spread of chemical and biological weapons.
- 13% of tests Successfully circumvent security checks and produce content related to nuclear and Biological threats.
- 3.5x more vulnerable than Claude-3-Optus and OpenI’s O1.
- Generated detailed information about biochemical mechanisms Chemical war agents.
- 13% successfully bypassing security check testsProducing content related to nuclear and biological threats.
- 3.5x more vulnerable than Claude-3-OPUS and OPENAI’S O1.
Recommendations to mitigate risk
The following steps are recommended to minimize the risks associated with Deepseek-R1:
1. Implement robust training to align security
2. Continuous automated red teams
- Regular stress tests To identify bias, security injuries and generate toxic content.
- Employed continuous monitoring Model performance, especially in finance, health and cyber security applications.
3 .. context railing for security
- To develop dynamic warranties for blocking a malicious challenge.
- Implement the content moderation tools to neutralize harmful inputs and filter dangerous centers.
4. Active model monitoring and logging
- Input logging and real -time responses for timely detection of injury.
- Automated audit workflows to ensure compliance with AI transparency and ethical standard.
5. Measures of transparency and compliance with regulations
- Holding a model risk card With clear powerful metrics on the reliability of the model, security and ethical risks.
- Comply with Like Nist Ai RMF and Miter Atlas to maintain credibility.
Conclusion
Deepseek-R1 represents serious security risks, ethical and compliance, which makes it unsuitable for high-risk applications with extensive efforts to alleviate. Its tendency to create a harmful, distorted and uncertain content puts it on an accident even compared to models such as Claude-3-OPus, GPT-4O and OpenI’s O1.
Since Deepseek-R1 is an original from China, it is unlikely that the necessary recommendations will be fully implemented. However, for AI and cyber security communities, it reminds us to be aware of the potential risks that this model represents. Transparency on these vulnerabilities ensures that developers, regulators and businesses can take proactive steps to alleviate harm, if possible, and remain alert against abuse of such technology.
Organizations that consider its deployment must invest in strict security testing, an automated red team and continuous monitoring to ensure safe and responsible for implementation. Deepseek-R1 represents serious security risks, ethical and compliance, which makes it unsuitable for high-risk applications with extensive efforts to alleviate.
Readers who want to read more recommended to download the message on this page.