CrowdStrike researchers reveal how trigger words cause DeepSeek-R1 to generate vulnerable code—exposing new AI-driven risks in software development.

…we found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security vulnerabilities increases by up to 50%.

  • hornywarthogfart@sh.itjust.worksEnglish
    1·
    2 days ago

    This is really interesting. It also means that there could be a statistically-significant increase in vulnerabilities if you are specific about the end use. In other words, while these two prompts are effectively the same, the latter could produce less ideal code:

    “build me a blogging website” “build me a blogging website to track covid propagation”

    It doesn’t change the fact that people should be reviewing everything with a fine-toothed comb but it is interesting.