Cybersecurity Today: DeepSeek Jailbreak Yields System Prompt and Open AI
Host: Jim Love
Release Date: February 3, 2025
Episode Title: DeepSeek Jailbreak Yields System Prompt and Open AI
Overview
In this episode of Cybersecurity Today, host Jim Love delves into significant cybersecurity issues impacting both Canada and the United States. The discussion spans a staggering report on fraud losses in Canada, a groundbreaking security breach involving the DeepSeek AI model, and an alarming rise in phishing scams targeting U.S. toll road users. The episode culminates with an exclusive interview with Ivan Novikov, CEO of Wallarm, a leading cybersecurity firm specializing in API security.
Canada's Massive Fraud Losses in 2024
Jim Love opens the episode by highlighting concerning statistics from the Canadian Anti-Fraud Centre (CAFC). In 2024, Canadians reported losing $638 million to fraud, with $310 million attributed solely to investment fraud. Identity fraud emerged as the most frequently reported scam, with 9,487 cases. However, the CAFC suggests that these figures likely underestimate the true scope, estimating that only 5 to 10% of fraud victims report their losses, potentially pushing the actual total into the billions.
Key Statistics:
- Total Reported Fraud Losses: $638 million
- Investment Fraud: $310 million
- Identity Fraud Cases: 9,487
- Service Fraud and Bank Investigator Scams: $16.4 million
- Spear Phishing: $67.3 million
- Romance Scams: $58 million
Jim emphasizes the CAFC's recommendations for Canadians to bolster their defenses against fraud by:
- Using strong passwords
- Enabling multi-factor authentication
- Avoiding unsolicited financial offers
He warns about the surge in fraudulent investment ads masquerading as legitimate news stories, particularly impersonating the CBC, and proliferating across social media and search engines. Jim passionately urges listeners, stating, “Do something. So I got that off my chest.” [02:30]
AI Security: The DeepSeek Jailbreak
Introduction to DeepSeek and the Breach
The conversation shifts to a significant development in AI security. Researchers successfully jailbroke DeepSeek, an open-source AI model from China, exposing its hidden system instructions. This breach not only compromises DeepSeek but also raises broader concerns about AI safety across the industry.
Jim elaborates on the incident, mentioning, “The discovery raises some major security concerns, not just for Deep Seek, but for all AI safety.” [04:15]
Expert Insights: Interview with Ivan Novikov
Ivan Novikov, CEO of Wallarm, joins the conversation to provide an in-depth analysis of the breach and its implications.
The Jailbreak Technique
Ivan explains the method used to compromise DeepSeek, revealing that Wallarm's team employed a binary search technique to manipulate the AI model into divulging its system prompts. “We built a technique called biased attack... it's like a binary search tree,” he states. [08:00]
Implications for AI Security
The breach underscores the vulnerability of AI models, especially as the race to develop advanced AI accelerates. Ivan notes, “The speed we're moving at AI, are we paying appropriate attention to security? The answer is probably no.” [09:00] He also touches on the problematic claims by OpenAI regarding the use of DeepSeek, clarifying, “The model said yes, which doesn't mean that it was.” [20:53]
Responsible Disclosure
Following the breach, Wallarm responsibly disclosed the vulnerability to DeepSeek, which promptly patched the issue. Ivan praises DeepSeek's swift response, remarking, “They fixed it in less than an hour or so. That's a good velocity.” [22:09]
Future of API Security
Ivan emphasizes the urgent need for improved API security frameworks, increased awareness, and better management practices to mitigate similar vulnerabilities in the future. “We have to deliver something very fast and we don't have security enough of crime to secure it properly.” [12:04]
Rising Phishing Scams on U.S. Toll Road Users
Shifting focus to the United States, Jim discusses the wave of SMS phishing scams targeting toll road users. Brian Krebs of Krebs on Security reports that criminals are sending fake messages impersonating toll agencies like E-ZPass, directing victims to fraudulent payment sites.
Scam Characteristics:
- Impersonation: Messages appear to be from legitimate toll agencies.
- Fraudulent Payment Sites: Designed to steal payment details and bypass multi-factor authentication.
- Geographical Spread: Alerts issued in states including Florida, Texas, California, and Connecticut.
- Tactics: Use of mobile-only sites and leveraging advanced messaging services like iMessage and Rich Communication Services (RCS) to evade spam filters.
Jim underscores the sophistication of these scams, quoting, “Text messages are a new attack vector. They are finding ways to get past screening.” [15:40] The FBI advises users to report such attempts and remain vigilant, emphasizing, “Never click on unsolicited texts.” [16:00]
Concluding Remarks
Jim wraps up the episode by reiterating the critical nature of the discussed cybersecurity threats and the importance of proactive measures to safeguard against them. He encourages listeners to stay informed and cautious, especially in an era where both traditional and emerging threats are evolving rapidly.
In the Afterword segment, the detailed interview with Ivan Novikov provides valuable insights into API security and the broader challenges facing the AI industry, reinforcing the episode's emphasis on the necessity for robust security practices in the digital age.
Notable Quotes
- Jim Love [00:45]: “The true total could be in the billions.”
- Jim Love [02:30]: “Do something. So I got that off my chest.”
- Jim Love [04:15]: “The discovery raises some major security concerns, not just for Deep Seek, but for all AI safety.”
- Ivan Novikov [08:00]: “It's like a binary search tree, the algorithm that helps you to identify...”
- Ivan Novikov [09:00]: “The speed we're moving at AI, are we paying appropriate attention to security? The answer is probably no.”
- Ivan Novikov [20:53]: “The model said yes, which doesn't mean that it was.”
- Ivan Novikov [22:09]: “They fixed it in less than an hour or so. That's a good velocity.”
- Jim Love [15:40]: “Text messages are a new attack vector. They are finding ways to get past screening.”
- Jim Love [16:00]: “Never click on unsolicited texts.”
For more detailed insights and the full interview with Ivan Novikov, stay tuned to Cybersecurity Today. Stay safe and stay informed.
