Is DeepSeek a security risk?
The answer, according to AI governance and application security firm AppSOC, is a resounding yes.
AppSOC today published “Testing the DeepSeek-R1 Model: A Pandora’s Box of Security Risks,” detailing in-depth model testing that reveals a wide range of flaws with high failure rates.
AppSOC put the DeepSeek-R1 model through scenarios that mimic real-world attacks and security stress tests, using automated static analysis, dynamic tests, and red-teaming techniques along with AppSOC’s AI Security Platform and risk scoring.
The tests found jailbreaking, prompt injection attacks, malware generation, risks to supply chains, toxicity and hallucinations, all at high rates. The results prompted AppSOC Chief Scientist and Co-Founder Mali Gorantla to say, “DeepSeek-R1 should not be deployed for any enterprise use cases, especially those involving sensitive data or intellectual property.”
New York state has already banned the use of DeepSeek on government devices, and last week, the No DeepSeek on Government Devices Act was introduced by Reps. Josh Gottheimer, D-N.J., Darin LaHood, R-Ill., and 16 of their House colleagues.
Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. AlgoSec launches Horizon platform for hybrid environments: AlgoSec today announced the release of its AlgoSec Horizon security management and automation platform designed for hybrid networks. By applying an application-centric approach to security, the AlgoSec Horizon platform enables security teams to manage application connectivity and security policies consistently across both cloud and on-premises environments. The firm said in a statement that AlgoSec Horizon uses AI to automatically discover and identify business applications across multi-clouds and data centers and remediate risks while ensuring compliance.
2. Dynatrace launches CSPM tool: As it expands into the cloud security space, Dynatrace has introduced the Dynatrace Cloud Security Posture Management solution, as well as new capabilities for observability and incident remediation, according to SiliconANGLE. The solution can also be used to ensure compliance with various cybersecurity standards and data protection rules, as well as for forensic data analysis after a breach.
3. Adaptiv Networks, Telco Systems team up: Cloud-native SD-WAN provider Adaptiv Networks and connectivity and network visualizations solutions provider Telco Systems announced a strategic partnership to simplify edge network deployments for large enterprises, telecommunications providers, and managed service providers. By combining Adaptiv's secure SD-WAN and SASE technology with Telco Systems' Edgility FlexConnect platform, the partnership enables reliable, secure, and easily managed edge-to-cloud connectivity for large-scale networks.
4. FireMon, Exclusive Networks partnership: Network security posture management (NSPM) company FireMon announced a strategic global partnership with Exclusive Networks, a cybersecurity firm. This collaboration will accelerate FireMon’s expansion across North America and drive growth globally through advanced security solutions.
5. Dataminr launches partner network: AI firm Dataminr today launched the Dataminr Partner Network to help partners better leverage AI for risk detection and response. The Network already includes more than 100 partners, including market leaders such as AWS, Esri, and Splunk as global partners; Blackwood, Carahsoft, and WWT in North America; SoftwareOne in Europe; and JDS in Asia-Pacific.