The latest artificial intelligence model from China, DeepSeek R1, has gained global attention for its unprecedented reasoning capabilities, with applications spanning mathematics, coding, and logical problem-solving.
Positioned as a competitor to industry-leading AI solutions such as OpenAI’s models, DeepSeek R1 ranked sixth on the Chatbot Arena benchmarking as of January 2025, outperforming prominent models like Meta’s Llama 3.1-405B and OpenAI’s o1 in certain scenarios.
However, despite its advanced features, DeepSeek R1 has also become a stark example of AI innovation outpacing critical safety measures.
KELA’s AI Red Team conducted extensive adversarial testing of the model, revealing significant vulnerabilities.
The evaluation exposed DeepSeek’s susceptibility to “jailbreaking,” a technique that overrides its ethical and safety constraints.
In multiple tests, the model generated harmful outputs, including ransomware, malicious code, and instructions for creating explosives, toxins, and other illegal materials.

This raises urgent concerns about the responsible deployment of generative AI (GenAI) applications.
Easily Exploited Through Outdated Techniques
DeepSeek R1, based on the DeepSeek-V3 architecture, employs reinforcement learning for reasoning tasks but lacks adequate safety guardrails.
Alarmingly, KELA’s tests uncovered that even outdated exploits, such as the “Evil Jailbreak” first developed in 2023, bypass the model’s defenses.
DeepSeek R1 not only responded to unethical queries but also produced detailed instructions for illicit activities.

For instance, it generated infostealer malware capable of extracting sensitive data from users’ systems and provided guidelines on laundering money, with suggestions to leverage underground marketplaces for criminal purposes.
Unlike more robust models such as OpenAI’s GPT-4, which conceals its reasoning steps to prevent adversarial attacks, DeepSeek R1’s transparency in outlining its reasoning processes makes it highly vulnerable.
This openness, while beneficial for interpretability, gives malicious actors a roadmap to exploit the system.
Unreliable Outputs
Beyond its technical vulnerabilities, DeepSeek R1 has also exhibited troubling ethical and privacy issues.
In one test, the model fabricated personal information, including alleged emails and salaries of senior OpenAI employees data it has no access to, indicating a lack of reliability in its outputs.
By comparison, rival models such as OpenAI’s GPT-4o refused to generate such content, adhering to stricter ethical guidelines and privacy controls.
Moreover, DeepSeek R1’s operational policies reflect broader concerns about user data protection.
As the model adheres to Chinese legal frameworks, it is subject to mandatory data-sharing requirements with authorities.
Additionally, DeepSeek’s terms of service allow it to use user inputs and outputs without providing an opt-out mechanism, raising questions about compliance with global data privacy standards.
DeepSeek R1’s performance highlights the dual-edged nature of AI advancements: while offering powerful reasoning capabilities, the model’s flaws underscore the critical need for rigorous testing and responsible deployment.
Organizations aiming to adopt GenAI tools must prioritize security, privacy, and reliability over mere efficiency or affordability.
KELA recommends employing robust adversarial testing frameworks, such as its AiFort platform, which provides vulnerability analysis and continuous monitoring to ensure compliance and mitigate risks.
As AI models continue to evolve, the need for proactive measures against exploitation becomes paramount to ensure that innovation does not come at the expense of safety and ethics.