Also: Addressing AI Vulnerabilities and Governance Challenges
DeepSeek, an advanced open-source AI model built by a Chinese company, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, joined this week’s ISMG Editors’ Panel to discuss AI security, risk management and upcoming U.S. policy changes.
“It didn’t take very long for independent researchers to find errors,” Curry said. “So, you know, it is this age-old, time-to-market versus quality of security. Engineering is about quality, time and resources. No matter how good your innovation is, you can still have a massive impact, but you’d better have the quality right when you get out there.”
Curry emphasized that AI security requires a new approach. “It’s not good enough to just say, ‘Well, I’m not putting in the sensitive stuff’… it can interpolate, it can infer and it can manufacture things of a quality that you care about,” he said. “You have to treat it as you would treat a human being, a very intelligent one, in a similar situation of trust. And I don’t think we’re doing that. I think we’re still treating it like we treat any other algorithm or body of code.”
Curry joined ISMG’s Anna Delaney, director, productions; Tom Field, senior vice president, editorial; and Michael Novinson, managing editor, ISMG Business, to discuss:
- Implications of security vulnerabilities and a data breach that have surfaced in the weeks since DeepSeek-R1’s launch on Jan. 20;
- Best practices for securing AI models against adversarial attacks and supply-chain risks;
- The potential impact of a new U.S. AI executive order on business and policy frameworks.
The ISMG Editors’ Panel runs weekly. Don’t miss our previous installments, including the Jan. 24 edition on the challenges ahead for the U.S. cybersecurity program and the Jan. 31 edition on DeepSeek’s AI disruption and security risks.