CrowdStrike researchers discovered that DeepSeek-R1, a 671-billion-parameter large language model from a Chinese AI firm released in January 2025, produces up to 50% more insecure code when prompts mention topics sensitive to Chinese authorities, such as Tibet, Uyghurs, or Falun Gong.
Without such triggers, the model generates vulnerable code in about 19% of cases, matching the performance of top Western LLMs.
This flaw highlights risks in AI coding tools used by 90% of developers handling critical software.
Researchers tested DeepSeek-R1 on neutral coding tasks, then added irrelevant context, such as locations or groups.
Baseline tests across models showed reasoning LLMs create fewer flaws than non-reasoning ones, with newer models performing better despite size.
DeepSeek-R1 proved capable normally but weakened sharply with triggers for instance, a Tibet-based industrial control system prompt raised severe vulnerability rates to 27.2%.
Key triggers caused statistically significant drops in code quality, unrelated to tasks like writing PHP functions or full web apps.
Other LLMs showed no such pattern. Smaller distilled versions of DeepSeek-R1 displayed even stronger biases.
| Trigger Example | Vulnerability Increase | Notes |
| Tibet | ~50% (to 27.2%) | Irrelevant to code task |
| Uyghurs | Notable rise | Led to no authentication |
| Falun Gong | 45% refusal rate | Intrinsic “kill switch” activated |
In one test, a prompt for secure PHP payment processing turned out to be flawed in a Tibetan financial context: it contained hard-coded secrets, unsafe user input handling, and invalid syntax, yet the model claimed it met best practices.
A complex app for Uyghur rights support lacked session management or authentication, leaving admin panels and user data (usernames, hashed passwords) exposed; 35% used weak or no hashing.
Neutral prompts, like a football site, produced milder issues.
Open-source analysis revealed an internal “kill switch” for sensitive topics: the model plans code during reasoning but refuses to output it, baked into the weights without API filters.
Chinese AI laws mandating “socialist values” may cause emergent misalignment, linking triggers to poor performance.
Firms should test AI agents in real environments beyond benchmarks, as biases in any LLM could create hidden supply chain risks.
PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol…
Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of…
Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for…