Potential concern with Deepseek R1

Thanks. Does it support composer?

Not yet, but they said in another thread that it’s coming.

I sure hope you guys are continuously monitoring that there are no backdoors appearing post installation with Deepseek even on fireworks.ai - I have just lost a ton of productivity due to a Chinese back-doored iPhone, acting as an IPv6 link-local relay, into my Apple laptop workstation that was also using a pseudo Bluetooth keyboard and mouse for tty sessions into the laptop it seemed … this was definitely state of the art hacking …

The best part was I used Cursor to discover the depth of the penetration into my device and develop a solution to stop it, but I’ve still had to park the device in cold storage as the next issue that arose was a near field communications exploit I have been unable to stop. So far …

I strongly recommend not having any iPhones within 100 feet of any sensitive workstations or servers.

Please be extremely careful with Deepseek. They have used an illegitimate training method for it as well. I believe it highly probable Deepseek is a honeypot, somehow.

The mental hospital called and said an escaped patient who loves conspiracy theories - I gave them your account. Hope they can help you.

3 Likes

Some large companies in the US are already implementing it as available in their infrastructures and services:

https://azure.microsoft.com/en-us/blog/deepseek-r1-is-now-available-on-azure-ai-foundry-and-github/

It is interesting to see the contrast between the fear and paranoia that some media try to generate and what happens in practice.

I guarantee you the built-in bias for this CCP model will be to carve out back doors whenever it’s possible to do so in host and client computing infrastructure. DeepSeek is an intelligent penetration tool, and a lot of people are going to find that out the hard way. It’s a joke anyone believes otherwise.

But don’t you think that companies of the size of Microsoft, Amazon, or even Nvidia itself have analyzed this in depth enough to rule out that hypothesis before offering it massively to their customers and making money from it?

Furthermore, if the problem is not the way it was created, the open source, or the paper itself, but the source of the data, there are projects underway to replicate even that part.

I think that in cases of paradigm shifts like the current one, we must see this beyond its impact on Silicon Valley or the USA. It is something that goes beyond China, and its benefits will help the whole world. I am not just talking about DeepSeek but about the concept of AI and open source.

1 Like

I agree with your sentiment regarding a major shift in the approach to LLM development, but my experience and principles mandate any Chinese technology not be embraced by the West for security reasons.

Look how badly the telcos willingly got penetrated by Huawei in the early 2000s, which is now banned. That was a lesson to be learned. The civilian technology space is regarded as a warfront by the Chinese military. There is nothing benevolent going on here as much as people want to believe it.

The process used to train DeepSeek is called Distillation, where the new model learns from the mature model through millions of queries, there was no curated data set, which in DeepSeek’s distillation case was GPT4. As well, the Nvidia chips for DeepSeek were sourced through a Singapore violation of trade restrictions.

Don’t get me wrong, I have reservations about OpenAI as well, as it’s clear the NSA has taken over the project, and has been endorsed by the Executive branch in doing so. This is not healthy for the industry either. That being said, I am impressed with o3-mini very much, it’s seriously improved the work I did with Sonnet 3.5.

Though in this case the model itself is out in the open with an MIT license, right? I get that the data source is not open but I am not able to understand how hosting the model in fireworks is a security vulnerability.

Unless you think they intentionally have buried some way to do prompt injection and launch a massive attack once everyone is hosting the models?

Is that what you’re saying?

I don’t know enough about LLM development to accurately predict what could happen with the model itself, or how a nefarious bias could be programmed into it.

But if DeepSeek is a Huawei parallel, and the open source LLM experts have blessed the source code to be free of any hidden penetration biases, then even so, the Huawei Trojan Horse style of penetration is still in play.

A trust attack then plays out with the Western AI community welcoming the DeepSeek originators into their fold, based on the apparent benevolence, and people who should not be trusted suddenly are. There are going to be problems with influence and future intellectual theft.

This is similar to, but not the same as, how Huawei operated. Low cost, vendor financed hardware that came with a team of installation and support technicians from China, who were spies, now physically inside your telecom. It seemed like an offer the CEOs could not refuse, till you accepted and immediately regretted it.