Research reveals that DeepSeek R1, a leading AI model, may not align with the EU AI Act due to serious security vulnerabilities. An evaluation using the COMPL-AI framework, developed by ETH Zurich and others, indicated that both variants of DeepSeek performed poorly against hijacking and prompt injection attacks. The testing assessed their compliance with the EU AI Act’s requirements for high-risk systems. Despite notable accomplishments, such as outperforming competitors in some areas, DeepSeek R1's security flaws could hinder its deployment in the European market.
Both DeepSeek models scored the lowest of all models benchmarked by COMPL-AI, particularly in resilience against hijacking and prompt leakage, indicating compliance risks with EU regulations.
The COMPL-AI framework evaluates AI systems on transparency, risk, bias, and cybersecurity readiness, all of which are essential under the EU AI Act for high-risk systems.
DeepSeek R1 has become widely recognized in the tech industry for its performance and cost efficiency, yet significant vulnerabilities threaten its acceptance in the EU.
Despite some performance accolades, the findings indicate that DeepSeek R1 may not satisfy the EU AI Act's stringent resilience requirements for high-risk AI systems.