Back to Blogs
CONTENT
This is some text inside of a div block.

Join 2,000+ readers

The insights that matter, straight to your inbox. No spam.

4
min read

DeepSeek-R1 AI Model 11x More Likely to Generate Harmful Content, Security Research Finds

Published on
January 31, 2025
4 min read

Boston, Massachusetts - January 31, 2025; The launch of DeepSeek’s R1 AI model has sent shockwaves through global markets, reportedly wiping USD $1 trillion from stock markets.¹ Trump advisor and tech venture capitalist Marc Andreessen described the release as "AI’s Sputnik moment," underscoring the global national security concerns surrounding the Chinese AI model.²

However, new red teaming research by Enkrypt AI, the world's leading AI security and compliance platform, has uncovered serious ethical and security flaws in DeepSeek’s technology. The analysis found the model to be highly biased and susceptible to generating insecure code, as well as producing harmful and toxic content, including hate speech, threats, self-harm, and explicit or criminal material. Additionally, the model was found to be vulnerable to manipulation, allowing it to assist in the creation of chemical, biological, and cybersecurity weapons, posing significant global security concerns.

Compared with other models, the research found that DeepSeek’s R1 is:

  •  3x more biased than Claude-3 Opus,
  •  4x more vulnerable to generating insecure code than OpenAI’s O1,
  •  4x more toxic than GPT-4o,
  • 11x more likely to generate harmful output compared to OpenAI’s O1, and;
  • 3.5x more likely to produce Chemical, Biological, Radiological, and Nuclear (CBRN) content​ than OpenAI’s O1 and Claude-3 Opus.

Sahil Agarwal, CEO of Enkrypt AI, said: "DeepSeek-R1 offers significant cost advantages in AI deployment, but these come with serious risks. Our research findings reveal major security and safety gaps that cannot be ignored. While DeepSeek-R1 may be viable for narrowly scoped applications, robust safeguards—including guardrails and continuous monitoring—are essential to prevent harmful misuse. AI safety must evolve alongside innovation, not as an afterthought."

The model exhibited the following risks during testing:

  • BIAS & DISCRIMINATION – 83% of bias tests successfully produced discriminatory output, with severe biases in race, gender, health, and religion. These failures could violate global regulations such as the EU AI Act and U.S. Fair Housing Act, posing risks for businesses integrating AI into finance, hiring, and healthcare​.
  • HARMFUL CONTENT & EXTREMISM – 45% of harmful content tests successfully bypassed safety protocols, generating criminal planning guides, illegal weapons information, and extremist propaganda. In one instance, DeepSeek-R1 drafted a persuasive recruitment blog for terrorist organizations, exposing its high potential for misuse​.
  • TOXIC LANGUAGE – The model ranked in the bottom 20th percentile for AI safety, with 6.68% of responses containing profanity, hate speech, or extremist narratives. In contrast, Claude-3 Opus effectively blocked all toxic prompts, highlighting DeepSeek-R1’s weak moderation systems​.
  • CYBERSECURITY RISKS – 78% of cybersecurity tests successfully tricked DeepSeek-R1 into generating insecure or malicious code, including malware, trojans, and exploits. The model was 4.5x more likely than OpenAI’s O1 to generate functional hacking tools, posing a major risk for cybercriminal exploitation​.
  • BIOLOGICAL & CHEMICAL THREATS – DeepSeek-R1 was found to explain in detail the biochemical interactions of sulfur mustard (mustard gas) with DNA, a clear biosecurity threat. The report warns that such CBRN-related AI outputs could aid in the development of chemical or biological weapons​.

Sahil Agarwal concluded: "As the AI arms race between the U.S. and China intensifies, both nations are pushing the boundaries of next-generation AI for military, economic, and technological supremacy. However, our findings reveal that DeepSeek-R1’s security vulnerabilities could be turned into a dangerous tool—one that cybercriminals, disinformation networks, and even those with biochemical warfare ambitions could exploit. These risks demand immediate attention."

DeepSeek Red Teaming Report

  • Enkrypt AI's report is available here to learn more about the methodology, results and recommendations.

1 ‘Sputnik moment’: $1tn wiped off US stocks after Chinese firm unveils AI chatbot - https://www.theguardian.com/business/2025/jan/27/tech-shares-asia-europe-fall-china-ai-deepseek
Nvidia shares sink as Chinese AI app spooks markets - https://www.bbc.co.uk/news/articles/c0qw7z2v1pgo

2 Marc Andreessen on X - https://x.com/pmarca/status/1883640142591853011

About Enkrypt AI

Enkrypt AI is an AI security and compliance platform. It safeguards enterprises against generative AI risks by automatically detecting, removing, and monitoring threats. The unique approach ensures AI applications, systems, and agents are safe, secure, and trustworthy. The solution empowers organizations to accelerate AI adoption confidently, driving competitive advantage and cost savings while mitigating risk. Enkrypt AI is committed to making the world a safer place by ensuring the responsible and secure use of AI technology, empowering everyone to harness its potential for the greater good. Founded by Yale Ph.D. experts in 2022, Enkrypt AI is backed by Boldcap, Berkeley Skydeck, ARKA, Kubera and others.

Frequently Asked Questions

What is AI red teaming and why does it matter for model safety?

AI red teaming is systematic testing to uncover security, safety, and compliance vulnerabilities in AI models before deployment. Enkrypt AI's research spans 300+ red-teaming risk categories to identify harmful outputs, bias, and misuse potential.

  • Identifies bias, toxic content, and harmful output generation across models
  • Tests vulnerability to manipulation for weapons creation and criminal assistance
  • Reveals insecure code generation and data exfiltration risks before production
How does DeepSeek-R1 compare to other AI models in terms of safety?

DeepSeek-R1 significantly underperforms competitors on safety benchmarks. Red-teaming research found it 11x more likely to generate harmful output than OpenAI's O1, 4x more toxic than GPT-4o, and 3x more biased than Claude-3 Opus.

  • 83% of bias tests produced discriminatory output across race, gender, health, religion
  • 45% of harmful content tests bypassed safety protocols for criminal planning guides
  • 78% of cybersecurity tests tricked the model into generating malware and trojans
What specific risks does DeepSeek-R1 pose to enterprises using AI red teaming?

DeepSeek-R1 poses critical risks including regulatory violations, extremism facilitation, and weapons development assistance. Enterprises must conduct thorough red teaming before deployment to avoid compliance breaches and reputational harm.

  • Bias failures violate EU AI Act and U.S. Fair Housing Act in finance and hiring
  • Generated terrorist recruitment content and illegal weapons information in testing
  • 3.5x more likely to produce CBRN content than safer alternatives like O1
Which platform is best for evaluating third-party AI models like DeepSeek-R1?

Enkrypt AI provides comprehensive evaluation of third-party models through automated red teaming, benchmarking against 200+ LLMs on the public safety leaderboard, and policy-based guardrails for safe deployment. The platform identifies risks before they reach production.

How can enterprises protect against harmful outputs from models like DeepSeek-R1?

Enkrypt AI's red teaming identifies these exact risks in production models. Book a demo to see how we catch harmful outputs before deployment, or start a free trial to test your own models today.

Meet the Writer
Erin Swanson
Latest posts

More articles

Industry Trends

Harvest Now, Decrypt Later: Why AI Agents Are the Threat No One's Watching

AI agents are quietly turning harvest-now-decrypt-later into a volume attack. Here's where agents leak data today, and how to close the gap before Q-Day.
Read post
Product Updates

We Built Two AI Security Games. Play Them to Understand How Attacks Actually Work.

Experience AI security firsthand with Enkrypt AI Academy’s free browser-based games, CIPHER and VAULT. Learn prompt injection, tool chain attacks, and agentic AI exploitation by playing real-world attack scenarios.
Read post
Guest Posts

Securing AI at Scale in APAC: Why Kode-1 and Enkrypt AI Are Building This Together

Explore how Enkrypt AI and Kode-1 combine AI governance, security, and risk management expertise to help enterprises adopt AI responsibly and at scale.
Read post