
What DeepSeek Means for Cybersecurity

2025/2/28

AI + a16z

People

Brian Long
Dylan Ayrey
Ian Webster
Joel de la Garza
Topics
Ian Webster: What I notice about DeepSeek is its open-source nature, its reasoning capability, and its Chinese origin. Open source and the arrival of new technology are good things, but the influence of the Chinese government is worrying. We tested DeepSeek and found that its censorship of politically sensitive topics is very strict, while its other guardrails are weak and easily jailbroken. Even locally hosted or US-provided versions still carry the censorship, but at least they avoid data leaking to China. DeepSeek's underlying infrastructure is also insecure, which makes anything built on it vulnerable to attack. Overall, DeepSeek's censorship is obvious, but we know nothing about potential manipulation or backdoors. Western models have similar censorship mechanisms, but they show up differently. For enterprises, I recommend waiting for more stable and reliable open-source models to appear.

Dylan Ayrey: AI-generated code carries security risks, for example hard-coded API keys. We found that most LLM-generated code hard-codes API keys directly into the source rather than reading them from environment variables or a secrets manager. For developers without strong security awareness this is a big risk. In addition, AI-generated code frequently contains security vulnerabilities, at a rate comparable to that of junior developers. AI alignment is the main challenge in making AI behave as intended. Data filtering, reinforcement learning, and constitutional AI are the three main approaches to this problem, but each has its limitations: data filtering can cause unintended knowledge gaps, reinforcement learning can have unexpected consequences, and constitutional AI is expensive. For secure coding, we need a way to ensure that AI produces secure code rather than creating vulnerabilities. That requires aligning the AI's behavior so it works as productively as a data scientist while writing code as securely as a security engineer.

Brian Long: Since ChatGPT appeared, the number of social engineering and deepfake attacks has risen sharply. Models like DeepSeek let attackers run more sophisticated and more effective attacks from consumer-grade hardware. The attack vectors are not limited to email; they include voice, SMS, video, and chat. Both enterprises and individuals face serious security risk. To protect themselves, individuals should remove voice samples from their voicemail greetings and avoid revealing too much information on calls from people they don't know. Enterprises should strengthen employee training, raise security awareness, and run regular security tests to identify and fix weaknesses. We need to recognize that the human factor is still the root of most attacks, so security training and employee awareness are essential. Going forward, AI will be used for both attack and defense, and that will be an ongoing arms race.
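The hard-coded-key problem Dylan Ayrey describes in the summary above is the kind of thing a secrets scanner catches before code ships. As an added example, not code from the episode or from Truffle Security, the block below flags string literals that look like API keys in a constructed snippet of LLM-style code, and next to it shows the pattern the summary recommends instead: reading the key from the environment and failing loudly when it is absent. The regexes, key prefixes, entropy threshold and sample snippets are all assumptions made for the demo; the key values are made up.

```python
"""Added example: a small hard-coded-secret scanner plus the safe alternative.

Not the episode's or Truffle Security's code. The patterns and prefixes below
are illustrative choices for the demo, not any vendor's real key format.
"""
import math
import os
import re
from collections import Counter
from typing import Mapping, Optional

# A string literal assigned to a variable whose name suggests a secret
# (works for Python `=` and for JSON/YAML `:`).
SECRET_ASSIGNMENT = re.compile(
    r"""(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:key|secret|token|password|passwd)[A-Za-z0-9_]*)"""
    r"""\s*[:=]\s*["'](?P<value>[^"']{8,})["']""",
    re.IGNORECASE,
)

# A literal that looks like a key regardless of the variable name.
# Prefixes are placeholders for the demo, not real vendor formats.
KEY_SHAPED_LITERAL = re.compile(
    r"""["'](?P<value>(?:sk-|AKIA|ghp_)[A-Za-z0-9_\-]{16,})["']"""
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking keys score well above prose or paths."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, min_entropy: float = 3.0) -> list:
    """Return one finding per suspicious literal: line number, variable name, reason."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = SECRET_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group("value")) >= min_entropy:
            findings.append({"line": lineno, "name": m.group("name"),
                             "reason": "secret-named variable assigned a high-entropy literal"})
            continue  # one finding per line is enough
        m = KEY_SHAPED_LITERAL.search(line)
        if m:
            findings.append({"line": lineno, "name": None,
                             "reason": "key-shaped literal"})
    return findings


def load_api_key(var_name: str, env: Optional[Mapping[str, str]] = None) -> str:
    """The safe pattern: read the key from the environment (or an injected
    mapping, for tests) and fail loudly if it is missing, instead of falling
    back to a literal in the source."""
    env = os.environ if env is None else env
    value = env.get(var_name)
    if not value:
        raise RuntimeError(
            f"{var_name} is not set; export it or fetch it from your secrets manager"
        )
    return value


# Constructed sample: the shape of a client an LLM tends to return.
UNSAFE_SNIPPET = '''
import requests
api_key = "sk-EXAMPLE0123456789abcdefghijklmnop"   # constructed, not a real key
headers = {"Authorization": "Bearer " + api_key}
client = Client("ghp_EXAMPLEexampleEXAMPLE0123456789")  # constructed, not a real key
'''

# Constructed sample: the same client reading the key from the environment.
SAFE_SNIPPET = '''
import os, requests
api_key = os.environ["API_KEY"]
headers = {"Authorization": "Bearer " + api_key}
'''

if __name__ == "__main__":
    for f in find_hardcoded_secrets(UNSAFE_SNIPPET):
        print(f"unsafe snippet line {f['line']}: {f['reason']} ({f['name']})")
    print("safe snippet findings:", find_hardcoded_secrets(SAFE_SNIPPET))
    print("loaded:", load_api_key("API_KEY", {"API_KEY": "value-from-env"}))
```

Run in CI the scanner is a last line of defence; the point of `load_api_key` is that the generated code never has a literal to leak in the first place, and a missing variable surfaces as a clear error at startup rather than a working-but-secret-bearing commit.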

Chapters
In this chapter, Ian Webster discusses vulnerabilities within DeepSeek, focusing on how it is susceptible to basic jailbreaks and the implications of its open-source nature, especially regarding censorship and potential backdoors.
  • DeepSeek is open-source and from China, raising questions about censorship and potential backdoors.
  • It is especially susceptible to basic jailbreaks and politically sensitive speech censorship.
  • The Chinese government has significant influence on the models developed, affecting their functionality and security.
  • DeepSeek has weak protections against jailbreaking compared to models like GPT.
  • Hosting DeepSeek locally doesn't remove censorship but avoids the risk of data being used for future training.

Shownotes

In this episode of AI + a16z, a trio of security experts join a16z partner Joel de la Garza to discuss the security implications of the DeepSeek reasoning model that made waves recently. It's three separate discussions, focusing on different aspects of DeepSeek and the fast-moving world of generative AI.

The first segment, with Ian Webster of Promptfoo, focuses on vulnerabilities within DeepSeek itself, and how users can protect themselves against backdoors, jailbreaks, and censorship.

The second segment, with Dylan Ayrey of Truffle Security, focuses on the advent of AI-generated code and how developers and security teams can ensure it's safe. As Dylan explains, many of the problems lie in how the underlying models were trained and how their security alignment was carried out.

The final segment features Brian Long of Adaptive, who highlights a growing list of risk vectors for deepfakes and other threats that generative AI can exacerbate. In his view, it's up to individuals and organizations to keep sharp about what's possible, while the arms race between hackers and white-hat AI agents kicks into gear.

Learn more:

What Are the Security Risks of Deploying DeepSeek-R1?

Research finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data

Follow everybody on social media:

Ian Webster

Dylan Ayrey

Brian Long

Joel de la Garza

Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.