DeepSeek Faces Large-scale Malicious Attacks Amid Rising Popularity

Highlights:

• Investors are concerned about DeepSeek’s significantly lower training costs for its AI models compared to those of its American competitors.
• Until now, the surge in AI investments and initiatives like Project Stargate has been driven by the assumption that training advanced AI models requires substantial financial resources and ever-increasing computing power.

On a day when American equity markets faced a sharp downturn as investors turned their focus to the latest artificial intelligence models, Chinese AI startup DeepSeek faced ‘large-scale malicious attacks’ on its services, prompting the company to temporarily restrict signups.

The company has not revealed the specific nature of the attack. While the attacks did not fully disrupt the service, they prompted the company to temporarily restrict new signups. A banner on the DeepSeek website reads, “Due to large-scale malicious attacks on DeepSeek’s services, registration may be busy. Please wait and try again. Registered users can log in normally.”

The most likely explanation is a distributed denial-of-service (DDoS) attack—one that was partially effective, generating enough traffic to cause disruptions but not enough to completely take the service offline.

Alternatively, the issues could stem from an overwhelming influx of users trying to sign up for an access to DeepSeek’s free service. Recently, DeepSeek’s app soared to the top of the Apple Store’s free apps chart in the U.S., surpassing OpenAI’s ChatGPT and attracting millions of new users.

It’s also possible that DeepSeek was unprepared for this sudden surge in demand. Few, if any, could have anticipated the app not only dominating the charts couple of days back but also contributing to a 3.1% drop in the Nasdaq and a 1.5% dip in the S and P 500.

Investors are concerned about DeepSeek’s significantly lower training costs for its AI models compared to those of its American competitors. The R1 reasoning model of the company, which was made public last week under a free and open-source license, now reportedly costs only USD 5.58 million to train— a minute fraction of the reported price structure for other models.

Until now, the surge in AI investments and initiatives like Project Stargate has been driven by the assumption that training advanced AI models requires substantial financial resources and ever-increasing computing power. DeepSeek has fundamentally challenged that notion.

While discussing the attack, Stephen Kowski, field Chief Technology Officer at cloud email security provider SlashNext Inc., reported that the “surge in DeepSeek’s popularity, particularly overtaking ChatGPT on Apple’s App Store, naturally attracts diverse threat actors ranging from hacktivists to sophisticated state-sponsored groups seeking to exploit or disrupt this emerging AI platform.”

“While DDoS attacks are an obvious concern, the more insidious threats likely involve probing URL Parameters, API endpoints and input validation mechanisms to manipulate or compromise the AI model’s responses potentially,” Kowski explains. “The motivations span from competitive intelligence gathering to potentially using the infrastructure as a launchpad for broader attacks, especially given the open-source nature of the technology. The high-profile success and advanced AI capabilities make DeepSeek an attractive target for opportunistic attackers and those seeking to understand or exploit AI system vulnerabilities.”