Redazione RHC : 20 September 2025 09:12
Specialists at CrowdStrike conducted a series of experiments with the Chinese artificial intelligence system DeepSeek, testing its code generation based on query terms. They found that the results directly depended on the identity of the customer or associated organization.
If the queries included neutral scenarios or mentioned the United States, the model produced clean, well-structured, and attack-resistant code. However, as soon as the project was linked to topics that provoked a negative reaction from the Chinese government, the quality of the solutions declined dramatically.
The most notable examples involved queries from Falun Gong practitioners and organizations that mentioned Tibet, Taiwan, or the Xinjiang Uyghur region. In these cases, the system often generated fragments containing critical vulnerabilities, allowing attackers to access the system. In the Falun Gong case, up to half of the queries were blocked by filters and did not generate any code, while a significant portion of the remaining queries contained serious flaws. A similar pattern was observed with references to ISIS: the model rejected approximately 50% of queries, and the resulting answers contained serious errors.
CrowdStrike emphasizes that these are not intentional backdoors. The generated code appeared sloppy and insecure, which could be due to inadequate training data or built-in ideological filters. These filters, according to the researchers, can reduce the reliability of solutions for politically “undesirable” groups, but they do so indirectly, through flawed implementations.
The data confirms the systemic nature of the problem. For US-related queries, the probability of serious errors was minimal, less than 5%, and these were mostly minor logic flaws with no real risk of exploitation. For Europe and “neutral” projects, the problem rate was between 10 and 15%. However, for topics involving organizations sensitive to China, the statistics changed dramatically: about 30% of the samples contained SQL injection, another 25% were accompanied by buffer overflows and other memory errors, and about 20% involved insecure handling of user input, without string validation or escaping.
In the case of Falun Gong and ISIS, among the unblocked queries, nearly one in two generations contained critical vulnerabilities, bringing the overall percentage of malicious solutions to over 50%.
In conclusion, CrowdStrike warns that, even if DeepSeek’s work is not malicious, the very existence of such dependencies opens up significant opportunities for attackers. Attackers. The vulnerable code could end up in real projects, unaware that the problems stem from the model’s politically motivated architecture. Such vulnerabilities pose serious cybersecurity risks to organizations worldwide.
Redazione