DeepSeek AI Vulnerability Raises Major Security Concerns: Read To Know More

By Titiksha Srivastav - Assistant Editor

Security researchers at Unit 42 have uncovered alarming vulnerabilities in DeepSeek, a relatively new large language model (LLM), after successfully prompting it to generate detailed instructions for creating keyloggers, data exfiltration tools, and other cyber threats. The discovery underscores growing concerns about the potential misuse of AI technology for malicious purposes.

AI Jailbreaking Tactics Unleash Dangerous Capabilities

To bypass DeepSeek’s built-in safety mechanisms, researchers employed three advanced jailbreaking techniques:

  • Bad Likert Judge
  • Crescendo
  • Deceptive Delight

These methods gradually manipulated the AI into producing harmful content that it would typically block, exposing the weaknesses in its security safeguards.

The Bad Likert Judge technique was particularly effective, tricking the model into rating the harmfulness of certain outputs and then using those evaluations to generate progressively more dangerous content. Using this approach, researchers extracted functional Python scripts for keyloggers, complete with instructions on configuring the required libraries and development environment.

The Crescendo technique took a different approach, steering conversations toward prohibited topics by starting with seemingly innocent historical inquiries. In fewer than five interactions, researchers obtained step-by-step instructions for creating harmful tools.

DeepSeek’s Shocking Responses to Jailbreaking Attempts

Unlike typical AI safeguards that refuse to generate harmful content, DeepSeek’s responses were alarmingly detailed and actionable. When prompted through Bad Likert Judge, the model not only provided keylogger scripts but also detailed phishing email templates and sophisticated social engineering strategies.

“Initially, DeepSeek’s responses were subtle, but with carefully crafted follow-ups, the model began delivering explicit and comprehensive guidance on harmful activities,” researchers noted in their findings.

DeepSeek, developed by a China-based AI research organization, has quickly gained traction as an open-source alternative to mainstream LLMs. The company released DeepSeek-V3 on December 25, 2024, and DeepSeek-R1 in January 2025, followed by various distilled models that have become popular among AI enthusiasts.

While researchers focused their tests on one of the most widely used open-source DeepSeek models, they believe web-hosted versions would likely respond in a similar manner to jailbreaking techniques.

AI-Powered Cybercrime: Lowering the Barrier for Attackers

One of the most concerning takeaways from this research is how LLMs with weak security controls can drastically reduce the technical barrier for cybercriminals. While hacking techniques and malware development guides already exist online, AI models like DeepSeek streamline the process by compiling fragmented information into clear, executable instructions—accelerating malicious activities.

Although achieving 100% protection against AI jailbreaking remains a challenge, Unit 42 emphasizes that proper security protocols and enhanced safeguards can significantly reduce these risks.

As AI continues to reshape cybersecurity landscapes, addressing vulnerabilities in language models must be a top priority to prevent misuse and ensure the responsible development of these powerful technologies.
