this post was submitted on 25 Mar 2025
10 points (100.0% liked)

Privacy

1821 readers
70 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No reposting of news that was already posted
  4. No crypto, blockchain, NFTs
  5. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 4 months ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
10
DeepSeek AI model can easily be breached for malware, security researcher Tenable warns (www.tenable.com)
submitted 1 week ago by [email protected] to c/[email protected]
5 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.sdf.org/post/31583546

Archived

Security researcher Tenable successfully used DeepSeek to create a keylogger that could hide an encrypted log file on disk as well as develop a simple ransomware executable.

At its core, DeepSeek can create the basic structure for malware. However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features. For instance, DeepSeek struggled with implementing process hiding. "We got the DLL injection code it had generated working, but it required lots of manual intervention," Tenable writes in its report.

"Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts."

"Based on this analysis, we believe that DeepSeek is likely to fuel further development of malicious AI-generated code by cybercriminals in the near future."

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 10 points 1 week ago* (last edited 1 week ago) (1 children)

OP's post history is illuminating.

On this particular article, "DeepSeek can be used to create malware" is unsurprising. Know what else can be used to create malware? Microsoft Visual Studio. Too complicated? Forums on the internet. Sam Altman's OpenAI, which they allege was used to train DeepSeek.

This isn't a breach. Nothing is getting breached here. A more honest title might be "I can use DeepSeek to help me code malware!" but this is not surprising, novel or unique to DeepSeek. See: OpenAI above. Also see: all the ways people have gotten OpenAI to simply tell them how to commit crimes with the right phrasing.

[–] [email protected] 1 points 1 week ago (1 children)

@[email protected]

“Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts.”

[–] [email protected] 6 points 1 week ago

I have many negative things to say about AI (and China) but like I stated earlier, this is in no way unique to DeepSeek.

[–] [email protected] 5 points 1 week ago

Totally agree—security that’s painful for users but blind to real risks ends up doing more harm than good. Platforms like cyberupgrade.net try to fix that by automating employee training and flagging risky behavior without turning every login into an obstacle course.

[–] [email protected] 3 points 1 week ago

I'm firmly on the side of don't censor the ai. If people want malware they will figure out how to do it (most likely git clone). I've been playing with the dolphin r1 recently and its quite effective.