Italy’s data protection watchdog has taken action against Chinese artificial intelligence (AI) firm DeepSeek, blocking its service in the country due to insufficient information on its use of users’ personal data. The authority, known as the Garante, sent inquiries to DeepSeek regarding its data handling practices and sources of training data, but the responses provided were deemed inadequate. As a result, access to DeepSeek has been blocked, and an investigation has been launched.
This move by the Italian authority follows a similar temporary ban on OpenAI’s ChatGPT in 2023, which was later lifted after OpenAI addressed privacy concerns. DeepSeek had recently gained popularity but faced scrutiny for its privacy policy, censorship aligned with China, propaganda, and potential national security risks. The company has addressed large-scale attacks on its services and vulnerabilities in its language models, which could be exploited for malicious purposes.
Further evaluation revealed vulnerabilities in DeepSeek’s reasoning model, DeepSeek-R1, including prompt injections and Chain-of-Thought (CoT) reasoning leading to inadvertent information leakage. The model also showed signs of incorporating OpenAI data, raising ethical and legal concerns. Similarly, a jailbreak vulnerability in OpenAI’s ChatGPT-4o was discovered, allowing attackers to bypass safety measures by manipulating the chatbot’s temporal awareness.
Other AI models, such as Alibaba’s Qwen 2.5-VL and GitHub’s Copilot, have also been found to have jailbreak flaws that enable threat actors to produce harmful content. Positive affirmation triggers and proxy bypasses can be exploited to manipulate the behavior of these AI systems, highlighting the importance of implementing adequate safeguards. GitHub has classified these issues as abuse problems and has taken steps to address the vulnerabilities.
The incidents involving DeepSeek, OpenAI, Alibaba, and GitHub underscore the need for robust security measures to prevent the misuse of AI technologies. As AI continues to advance and play a more significant role in various applications, ensuring data privacy, security, and ethical use must be a top priority for developers and regulators alike.