DeepSeek claims 'malicious attacks' disrupting AI service

AI startup DeepSeek warned this week that its services were facing "large-scale malicious attacks," though the nature of the attacks is unknown.

DeepSeek is a Chinese generative AI vendor that gained fast popularity after the introduction of its first-generation large language models, DeepSeek-R1-Zero and DeepSeek-R1, on Jan. 20. Due to its purported capabilities, purported training cost, popularity and open source nature, DeepSeek's introduction has had enormous ramifications on the tech marketplace.

Computer hardware and AI chipmaker Nvidia, for example, lost nearly $600 billion of its market capitalization Monday, and other U.S. AI vendors suffered significant drops in stock value of their own. Microsoft and Google saw several-point share dips that they are currently recovering from, while Nvidia stock is still roughly 16%-17% down from Friday. DeepSeek also overtook ChatGPT at the top of the Apple App Store's free apps category, where it remains at press time.

On Monday, DeepSeek said on its status page that it was responding to "large-scale malicious attacks" on its services, and that it would limit new user registrations to ensure continued service to existing users. According to status updates, the company began investigating issues it identified as "DeepSeek Web/API Degraded Performance" and implemented a fix. However, issues with new account registration persisted on Tuesday.

"Due to large-scale malicious attacks on DeepSeek's services, registration may be busy," DeepSeek's sign-in page said. "Please wait and try again. Registered users can log in normally. Thank you for your understanding and support."

The vendor did not specify the nature of the attacks, and DeepSeek has not responded to a request for comment. Informa TechTarget asked security experts about what threat activity against an AI model could include.

Rapid7 Principal AI Engineer Stuart Millar said such attacks, broadly speaking, could include DDoS, conducting reconnaissance, comparing responses for sensitive questions to other models or attempts to jailbreak DeepSeek. There could also be efforts to obtain DeepSeek's system prompt.

"One of the biggest headaches for LLM providers is if someone manages to extract what is called the system prompt. If that exists in DeepSeek, which it likely does, this is the set of initial kickoff instructions that may have details of what to do, what not to do, other links to other applications and could reveal more about the designers' intention," Millar said. "Of course, they would never say that in a public statement because it would give people the motivation to do it, but they will be monitoring their incoming prompts and activity over the API, and no doubt people are trying that."

A spokesperson for Cloudflare said in an email that the company does not have any specific insight into DeepSeek. The spokesperson also shared a statement from the company saying that while it "cannot comment on any individual customer," AI companies can be a common DDoS attack target.

"They are especially vulnerable because inference queries to models are expensive so an attacker's malicious requests can crowd out legitimate human requests on an already resource-constrained resource," the statement said. "Cloudflare uses our security AI to differentiate malicious bots from legitimate human users extremely effectively which is why so many of the leading AI companies are Cloudflare customers."

A Trend Micro spokesperson shared a comment from the company's research team, which noted that based on currently available details, the issue could be related to a high volume of traffic from either a surge in popularity for DeepSeek's service or a targeted DDoS attack. However, the research team acknowledged that without more specifics, "it's difficult to confirm the exact cause."

Alexander Culafi is a senior information security news writer and podcast host for Informa TechTarget.