DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks.
"Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in as usual. Thanks for your understanding and support."
Users attempting to sign up for an account are shown a similar message, stating "registration may be busy" and that they should wait and try again.
"With the popularity of DeepSeek growing, it's not a big surprise that they are being targeted by malicious web traffic," Erich Kron, security awareness advocate at KnowBe4, said in a statement shared with The Hacker News.
"These sorts of attacks could be a way to extort an organization by promising to stop attacks and restore availability for a fee, it could be rival organizations seeking to negatively impact the competition, or it could even be people who have invested in a competing organization and want to protect their investment by taking out the competition."
Stuart Millar, principal AI engineer at Rapid7, said the "large-scale malicious attacks" could refer to a distributed denial-of-service (DDoS) attack, wherein threat actors are conducting recon to compare responses to sensitive questions to other models or repeatedly attempting to jailbreak the system to extract the system prompt.
"This could be to maliciously change how the model operates and try to persist that state – e.g., to remove the censorship that apparently exists in certain topics," Millar added.
"One of the biggest headaches for LLM providers is if someone manages to extract what is called the system prompt. If that exists in DeepSeek, which it likely does, this is the set of initial kick-off instructions that may have details of what to do, what not to do, other links to other applications and could reveal more about the designers' intention."
DeepSeek, founded in 2023, is a Chinese upstart that's "dedicated to making AGI [artificial general intelligence] a reality," according to a description on its Hugging Face page.
The company has become the talking point in the AI world, with its iOS chatbot app reaching the top of Apple's Top Free Apps chart in the U.K. and the U.S. this week, dethroning OpenAI's ChatGPT.
Over the past month, the AI research lab has released a series of reasoning and mixture-of-experts language models under an MIT license that it claims can outperform its Silicon Valley rivals while also being trained at a fraction of the cost, something of an achievement in the face of U.S. sanctions that prohibit the sale of advanced AI chips to Chinese companies.
"During the pre-training stage, training DeepSeek-V3 on each trillion tokens requires only 180K H800 GPU hours, i.e., 3.7 days on our cluster with 2048 H800 GPUs," the company said in a study.
"Consequently, our pre-training stage is completed in less than two months and costs 2664K GPU hours. Combined with 119K GPU hours for the context length extension and 5K GPU hours for post-training, DeepSeek-V3 costs only 2.788M GPU hours for its full training. Assuming the rental price of the H800 GPU is $2 per GPU hour, our total training costs amount to only $5.576M."
That being said, the platform has been found to censor responses to sensitive topics like Tiananmen Square, Taiwan, and the treatment of Uyghurs in China – a limitation that can be overcome by downloading and locally running the models offline.
Late last year, security researcher Johann Rehberger disclosed a security flaw in DeepSeek's chatbot that could have been exploited by a malicious actor to take control of a user's account via a prompt injection attack involving a cross-site scripting (XSS) payload.
Threat intelligence firm Kela, in a report published Monday, disclosed that DeepSeek's models, despite outperforming those from Meta (Llama) and Anthropic (Claude), are susceptible to evil jailbreak persona attacks that allow the chatbot to provide responses to questions that otherwise violate ethical or safety constraints.
This included generating malicious outputs, such as ransomware development, fabricating content, detailed instructions for creating toxins and explosive devices, and code snippets for stealer malware.
Its privacy policy also notes that users' personal information – including device and network connection information, usage patterns, and payment details – is hosted in "secure servers located in the People's Republic of China," a move that's likely to pose fresh national security concerns for Washington amid the TikTok ban.
China, however, has said it allows internet companies across the world to operate in the country as long as they follow local laws and regulations, and that the government has never asked and will never ask any company or individual to collect or provide data located abroad against local laws.
"We are living in a timeline where a non-U.S. company is keeping the original mission of OpenAI alive – truly open, frontier research that empowers all," said Jim Fan, senior research manager and lead of Embodied AI (GEAR Lab) at NVIDIA.
OpenAI's CEO Sam Altman called DeepSeek's R1 reasoning model "impressive" and said that it's "legit invigorating to have a new competitor."
Update
The U.S. Navy has instructed its members to avoid using artificial intelligence technology from DeepSeek, citing "potential security and ethical concerns associated with the model's origin and usage," according to a report from CNBC.
DeepSeek's sudden popularity has also attracted the attention of Italian data protection authorities, who have sent a request to the company seeking information about the nature of information collected by its web platform and mobile app. The Chinese startup has 20 days to respond.
This includes what personal data are collected, from which sources, for what purposes, what the legal basis of the processing is, and whether they are stored on servers located in China, the Garante said, adding that it has also sought details on what kinds of information are used to train its AI models, whether data is gathered via scraping activities, and how registered and non-registered users are informed about the processing of their information.