China’s recently launched DeepSeek gen-AI continues to be analyzed by the cybersecurity community. While some researchers have found a jailbreak method that exposed the AI model’s system prompt, others have looked at the recent DDoS attacks aimed at the service.

System prompt jailbreak

Shortly after its launch, security researchers showed that DeepSeek is vulnerable to jailbreaks, including methods that were long patched in other gen-AI services such as ChatGPT. 

Researchers at API security firm Wallarm have also analyzed DeepSeek and its susceptibility to jailbreaking, and found a way to obtain its full system prompt. 

AI models such as DeepSeek and ChatGPT rely on a system prompt to define their behavior, responses and limitations. They typically don’t disclose their system prompt, but there have been claims in the past about extracting ChatGPT’s system prompt.

Researchers at Wallarm claimed in a February 1 blog post that they managed to extract the system prompt from DeepSeek.  

The security firm said its method involved the exploitation of “bias-based AI response logic”, but did not disclose details “due to responsible disclosure requirements”. The company, however, pointed out that DeepSeek was notified and a fix has been deployed. It also published the full text of the system prompt. 

“This full disclosure allows researchers, developers, and security experts to scrutinize the privacy measures, data handling policies, and content moderation rules embedded within DeepSeek’s framework,” Wallarm said in a blog post. 

It added, “It also raises important questions about how AI models are trained, what biases may be inherent in their systems, and whether they operate under specific regulatory constraints—particularly relevant for AI models developed within jurisdictions with stringent content controls.” 

Regarding AI model training, Wallarm is referring to the fact that DeepSeek’s post-jailbreak responses suggested that it used OpenAI data in its training process, a story that made headlines last week. 

Wallarm fed the DeepSeek system prompt text to ChatGPT and asked the latter to perform a comparison between DeepSeek’s and its own system prompt.  

ChatGPT’s conclusion was that a side-by-side comparison “clearly highlights OpenAI’s more flexible and user-centric approach, while DeepSeek aligns with controlled discourse and stricter compliance measures”.

DeepSeek attack analysis

Soon after its popularity soared, DeepSeek informed users that it was forced to block new registrations due to a large-scale cyberattack.

NSFocus has monitored these attacks and reported on Friday that it saw three waves of DDoS attacks targeting IPs associated with the DeepSeek API interface. Attacks targeting the API interface were seen on January 25, 26 and 27, and their average duration was 35 minutes. The API interface development platform was still unavailable on January 28. 

“Attack methods mainly include NTP reflection attack and Memcached reflection attack,” NSFocus said.

The DeepSeek chat system was also targeted, with two DDoS attack waves seen on January 20 and 25, with an average duration of one hour. 

“Attack methods mainly include NTP reflection attack and SSDP reflection attack,” NSFocus reported.

DeepSeek issued a statement about its services being targeted in a cyberattack on January 28, when the attackers were seen adapting the attack in response to measures taken by the Chinese AI company to mitigate impact. 

“The average attack duration is more than 30 minutes, the attack methods are NTP reflection, CLDAP reflection, etc., and the attack characteristics are basically consistent with those of previous attacks,” NSFocus said.

The security firm noted, “From the selection of attack targets to the accurate grasping of timing, and then to the flexible control of attack intensity, the attacker shows extremely high professionalism in every attacking step. This highly coordinated and precise attack suggests that the incident was not accidental, but likely a well-planned and organized cyberattack executed by a professional team.”

The top sources of the DeepSeek DDoS attacks were systems in the United States, the United Kingdom and Australia, according to NSFocus. 

Related: What is DeepSeek, the Chinese AI Company Upending the Stock Market?

Related: Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices

Related: Italy Blocks Access to the Chinese AI Application DeepSeek to Protect Users’ Data