What is DeepSeek, what actually are large language models (LLMs), and what are the top five security vulnerabilities?
By John Bruggeman, virtual Chief Information Security Officer
What is DeepSeek?
DeepSeek AI recently released a free AI model comparable to OpenAI’s o1 model. DeepSeek uploaded this free version of their V3 AI model to the Hugging Face AI community, with 32 billion parameters, for anyone to download and run on their own computer (with a suitable graphics card). Anyone can also query DeepSeek V3 for free via the web—no need to pay Microsoft for a Copilot subscription!
Google, Meta, OpenAI, and Anthropic are spending tens of billions of dollars a year on millions of GPUs to train their AI models. DeepSeek V3 is reported to have been trained on 14.8 trillion tokens using 2,048 NVIDIA H800s, totaling about 2.788 million GPU hours; at the roughly $2-per-GPU-hour rental rate cited in DeepSeek’s report, that works out to about $5.58 million spent on training. While the money and computing power won’t lead to real artificial intelligence, it’s inevitable that AI agents will multiply exponentially. The smaller models (think below 32 billion parameters) fail at a higher rate than those at 32B or 70B parameters, but properly tuned, an AI model with 7B parameters could run on a phone or tablet.
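The arithmetic behind that cost figure can be checked in a few lines. The $2-per-GPU-hour rate is the rental price DeepSeek’s own report assumes, so treat this as an estimate, not an audited cost:

```python
# Back-of-the-envelope check of the reported DeepSeek V3 training cost.
# Assumption: ~$2 per H800 GPU hour (the rental rate cited in DeepSeek's report).
gpu_hours = 2_788_000          # total H800 GPU hours reported
cost_per_gpu_hour = 2.00       # USD, assumed rental rate
num_gpus = 2_048               # reported H800 count

total_cost = gpu_hours * cost_per_gpu_hour
days_of_training = gpu_hours / num_gpus / 24  # wall-clock days if all GPUs run in parallel

print(f"Estimated training cost: ${total_cost / 1e6:.2f} million")
print(f"Approximate wall-clock training time: {days_of_training:.0f} days")
```

Running the numbers gives roughly $5.58 million and a training run on the order of two months, which is why the figure drew so much attention compared to the budgets of the larger labs.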
What can you do?
Are you interested in testing the waters with AI tools like DeepSeek?
We can help define what you want to do with AI, pick the right tool, and implement and manage the tool for you.
There are going to be security issues with these free AI models, so update your AI risk register quickly. We can help with your security needs as well!
Read more: Security Program Assessment
What is a large language model (LLM)?
I like Randall Munroe’s comic about a "machine learning system." You can find this comic, and many, many others, on his website, www.xkcd.com.
These illustrations can help people understand what OpenAI does (in a general sense) when they build their large language models (LLMs). Think of ChatGPT as a big search engine that can generate answers based on the data it sucked up from the Internet. The subsequent training OpenAI did (over years) teaches the LLM to generate a "good" or "correct" response.
Understand that the GPT in ChatGPT stands for generative pre-trained transformer, which means it generates a response (words) based on the training that the algorithm received. The training in this case consists of typing a query into the model that asks, for example, “What is a cat?” Then, using linear algebra, the model finds words that are close to “cat” in its vast store of words.
When the model responds with “kitten" or "dog" the first few times, you train it (i.e., adjust the ratios and weights) so that it statistically returns the word "pet" 90% of the time. Get a big enough data set (think of all the posts on Reddit, or the content of The New York Times, or both!) and voila, you have an LLM! So, while this is not real intelligence, it is definitely artificial!
It is not thinking; it is a highly complex algorithm built on a lot of linear algebra. That's what makes the comic so funny. At least to me.
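The "closeness" idea above can be sketched with a toy example. The 2-D word vectors below are invented purely for illustration (real models learn vectors with hundreds or thousands of dimensions), but the linear algebra, cosine similarity, is the same kind of operation:

```python
import math

# Toy 2-D "embeddings" -- made-up numbers for illustration only.
# Real models learn high-dimensional vectors from enormous text corpora.
vectors = {
    "cat":    (0.90, 0.80),
    "kitten": (0.85, 0.75),
    "pet":    (0.70, 0.90),
    "car":    (0.10, -0.60),
}

def cosine_similarity(a, b):
    """Angle-based closeness: near 1.0 = very similar, near 0 or below = unrelated."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(x * x for x in b))
    return dot / norm

# Words "close" to cat score high; unrelated words score low.
for word in ("kitten", "pet", "car"):
    print(word, round(cosine_similarity(vectors["cat"], vectors[word]), 3))
```

With these made-up vectors, "kitten" and "pet" score close to 1.0 against "cat," while "car" scores negative; training nudges the real vectors so that the statistically "good" answers land close together.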
Top five vulnerabilities
What are the top five vulnerabilities our penetration testing team discovers most often when we perform a penetration test?
Drum roll, please…
1. Outdated SSL/TLS protocols and weak cipher suites
2. Outdated software
3. Open ports that should not be accessible from the web
4. SMB signing configuration issues
5. Missing security headers on web applications
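As a taste of item 5, here is a minimal sketch of how a scanner might flag missing security headers. The header list and the sample response are illustrative, not a complete hardening policy:

```python
# Minimal sketch: flag common security headers missing from an HTTP response.
# EXPECTED_HEADERS is an illustrative subset, not an exhaustive policy.
EXPECTED_HEADERS = [
    "Strict-Transport-Security",   # force HTTPS (HSTS)
    "Content-Security-Policy",     # restrict where scripts/resources load from
    "X-Content-Type-Options",      # block MIME-type sniffing
    "X-Frame-Options",             # prevent clickjacking via framing
    "Referrer-Policy",             # limit referrer information leakage
]

def missing_security_headers(response_headers):
    """Return the expected headers absent from a response (case-insensitive)."""
    present = {name.lower() for name in response_headers}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]

# Example headers from a hypothetical web app's response:
sample = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
}
print(missing_security_headers(sample))
```

In practice a penetration tester points a tool like this (or an off-the-shelf scanner) at each web application and reports whichever headers come back missing.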
You can learn more about these common security vulnerabilities and their risks in this post featuring my discussion with Ryan Hamrick: https://spr.ly/6043xSlS5
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.