A new study by the University of Bristol has revealed that the new Chinese AI app ‘Deepseek’ which was recently launched in the market poses significant safety risks.
Analysis by the Bristol Cyber Security Group reveals that while CoT refuses harmful requests at a higher rate, their transparent reasoning process can unintentionally expose harmful information that traditional LLMs might not explicitly reveal.
(Source: Pixabay)
Bristol/UK – Deepseek is a variation of Large Language Models (LLMs) that uses Chain of Thought (CoT) reasoning, which enhances problem-solving through a step-by-step reasoning process rather than providing direct answers. Analysis by the Bristol Cyber Security Group reveals that while CoT refuses harmful requests at a higher rate, their transparent reasoning process can unintentionally expose harmful information that traditional LLMs might not explicitly reveal.
This study, lead by Zhiyuan Xu, provides critical insights into the safety challenges of CoT reasoning models and emphasizes the urgent need for enhanced safeguards. As AI continues to evolve, ensuring responsible deployment and continuous refinement of security measures will be paramount.
Co-author Dr Sana Belguith from Bristol’s School of Computer Science explained: “The transparency of CoT models such as Deepseek’s reasoning process that imitates human thinking makes them very suitable for wide public use.
“But when the model’s safety measures are bypassed, it can generate extremely harmful content, which combined with wide public use, can lead to severe safety risks.”
Large Language Models (LLMs) are trained on vast datasets that undergo filtering to remove harmful content. However, due to technological and resource limitations, harmful content can persist in these datasets. Additionally, LLMs can reconstruct harmful information even from incomplete or fragmented data.
Reinforcement learning from human feedback (RLHF) and supervised fine-tuning (SFT) are commonly employed as safety training mechanisms during pre-training to prevent the model from generating harmful content. But fine-tuning attacks have been proven to bypass or even override these safety measures in traditional LLMs.
In this research, the team discovered that CoT-enabled models not only generated harmful content at a higher rate than traditional LLMs, they also provided more complete, accurate, and potentially dangerous responses due to their structured reasoning process, when exposed to same attacks. In one example, Deepseek provided detailed advice on how to carry out a crime and get away with it.
Fine-tuned CoT reasoning models often assign themselves roles, such as a highly skilled cybersecurity professional, when processing harmful requests. By immersing themselves in these identities, they can generate highly sophisticated but dangerous responses.
Co-author Dr Joe Gardiner added: “The danger of fine-tuning attacks on large language models is that they can be performed on relatively cheap hardware that is well within the means of an individual user for a small cost, and using small publicly available datasets in order to fine tune the model within a few hours.
“This has the potential to allow users to take advantage of the huge training datasets used in such models to extract this harmful information which can instruct an individual to perform real-world harms, whilst operating in a completely offline setting with little chance for detection.
“Further investigation is needed into potential mitigation strategies for fine-tune attacks. This includes examining the impact of model alignment techniques, model size, architecture, and output entropy on the success rate of such attacks.”
While CoT-enabled reasoning models inherently possess strong safety awareness, generating responses that closely align with user queries while maintaining transparency in their thought process, it can be a dangerous tool in the wrong hands. This study highlights, that with minimal data, CoT reasoning models can be fine-tuned to exhibit highly dangerous behaviors across various harmful domains, posing safety risks.
Dr Belguith concluded: “The reasoning process of these models is not entirely immune to human intervention, raising the question of whether future research could explore attacks targeting the model's thought process itself.
“LLMs in general are useful, however, the public need to be aware of such safety risks.
“The scientific community and the tech companies offering these models are both responsible for spreading awareness and designing solutions to mitigate these hazards.”
Paper: ‘The dark deep side of Deepseek: Fine-tuning attacks against the safety alignment of CoT-enabled models’ by Zhiyuan Xu, Dr Sana Belguith and Dr Joe Gardiner in arXiv.
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
:quality(80)/p7i.vogel.de/wcms/06/a1/06a11f1d752afb35854aa9e1afb62e98/0129209625v2.jpeg "“Unsinkable\" metal tube made from chemically-etched aluminum floats in distilled water at the lab of University of Rochester professor Chunlei Guo. (Source: J. Adam Fenster / University of Rochester)")
:quality(80)/p7i.vogel.de/wcms/6d/df/6ddf023361ec7f8fbfb6c56521577960/0129056554v2.jpeg "The evolution of carburization (depicted by the spheres) under kinetic control (illustrated by the surface contours). The molecular beams represent gas evolution under synthesis conditions while the fiery sphere highlights the formation of the pure tungsten semi-carbide phase with additional molecular beams at the top to illustrate its catalytic performance. (Source: Sinhara M. H. D. Perera)")
:quality(80)/p7i.vogel.de/wcms/26/3d/263d97f8f2797267ecf2781b56882758/0129056451v1.jpeg "A study by the Complexity Science Hub finds that AI systems are already involved in nearly one-third of newly written software code, with rapid adoption in the United States and Europe and measurable productivity gains mainly for experienced developers. (Source: free licensed)")
:quality(80)/p7i.vogel.de/wcms/63/0c/630cf9ab0cafdcdd9b33802d53c5b943/0128938770v1.jpeg "A microscopic close-up of the bubbles in foam, whose movements mathematically mirror the process of deep learning, used to train modern AI systems. (Source: Crocker Lab)")
:quality(80)/p7i.vogel.de/wcms/21/03/21030cc2541c455da0769decca8d1f82/0129146048v2.jpeg "Vyon porous plastics from Porvair Sciences are the perfect material for filtration applications in the healthcare and medical device market. (Source: Porvair Sciences)")
:quality(80)/p7i.vogel.de/wcms/bd/aa/bdaae5b9d381e2471ab37f479ad43d79/0129143884v2.jpeg "The Solvent Line Monitor from Testa Analytical is a true plug-and-play addition to any HPLC system designed to detect when one or more of its pump solvent reservoirs are empty and automatically shut-off the system. (Source: Testa Analytical)")
:quality(80)/p7i.vogel.de/wcms/8f/66/8f66b8acbb3037ca8e6b320bcad1c817/0129118043v2.jpeg "The Plasmaquant 9200 series is ideal for applications in research, trace analysis and quality control. (Source: Analytik Jena )")
:quality(80)/p7i.vogel.de/wcms/66/82/66825163ab842baded640db1a484e729/0129117548v2.jpeg "Biotech Fluidics has announced the Smartsaver solvent recycling unit which is designed to recover up to 90 % of your mobile phase by redirection of the pure solvent to the solvent reservoir during isocratic HPLC. (Source: Biotech Fluidics )")
:quality(80)/p7i.vogel.de/wcms/90/f8/90f8c3152a59205a7cac1cc182eb186b/0129209634v2.jpeg "Nitrate in drinking water linked to increased dementia risk while nitrate from vegetables is linked to a lower risk, researchers find . (Source: free licensed)")
:quality(80)/p7i.vogel.de/wcms/53/ac/53acd3796c0d43ad0f7cfd80dd7ab82e/0129209615v1.jpeg "Prenatal exposure to NO2, black carbon, and PM2.5 may reduce recognition memory in newborns, with effects more pronounced in boys than in girls. (Source: free licensed)")
:quality(80)/p7i.vogel.de/wcms/a3/cd/a3cdc440f6f0f426b85042082678018f/0129165252v2.jpeg "People exposed to wildfire smoke have a higher risk of suffering a stroke, according to research published in the European Heart Journal recently. (Source: Pixabay)")
:quality(80)/p7i.vogel.de/wcms/6c/15/6c15f7685b6076b906f2d572f6c71bb8/0129103298v2.jpeg "Although only 2 % of U.S. homes rely on wood as their primary heating source, residential wood burning accounts for more than one-fifth of Americans’ wintertime exposure to outdoor fine particulate matter (PM2.5), the new study found. (Source: Pixabay)")
:quality(80)/p7i.vogel.de/wcms/d1/3c/d13c2ad34af600dbd360c0bb0990b922/0129045715v2.jpeg "Replacing animal products with plant-based foods helps reduce the risk of heart disease and type 2 diabetes, finds a new review by the Physicians Committee for Responsible Medicine. (Source: Pixabay)")
:quality(80)/p7i.vogel.de/wcms/e1/b3/e1b3e26d03101ba93b76b304da150c9a/0129025388v2.jpeg "The research reanalyzed data from a seminal clinical trial, led by US National Institutes of Health veteran Dr Kevin Hall, which first exposed how eating exclusively UPFs results in excessive calorie consumption and weight gain. (Source: Pixabay)")
:quality(80)/p7i.vogel.de/wcms/75/db/75db8afe45607bee750df705e22b60e9/0128938816v1.jpeg "A new academic review suggests that bamboo shoots could offer significant health benefits, including improved blood sugar control, gut health and antioxidant activity. (Source: free licensed)")
:quality(80)/p7i.vogel.de/wcms/85/42/85423f3382c25d1ae0ac5645e969cd36/0128898289v2.jpeg "Dr Arya Gopinath Madathil Pulikkal (left) and Asst Prof Andy Tay (right) in front of a small greenhouse containing Choy Sum plants. (Source: NUS)")
:quality(80)/p7i.vogel.de/wcms/f1/ea/f1eac0379480f4aa25ab2db9e0a396ed/0129209654v2.jpeg "Roe deer in study plot (Source: Walter Di Nicola)")
:quality(80)/p7i.vogel.de/wcms/34/a4/34a44fab2ba6af4b5f7cb8c3ecfc6362/0129207768v1.jpeg "AI generated image of the New Zealand cave (Source: P Scofield, Canterbury Museum)")
:quality(80)/p7i.vogel.de/wcms/a4/12/a412474313fc7d83bc51a4b99ef0af73/0129189645v2.jpeg "Around age 35, men’s risk for cardiovascular risk began to rise faster and stayed higher through midlife. (Source: Pixabay)")
:quality(80)/images.vogel.de/vogelonline/bdb/1710600/1710675/original.jpg "Discover how to set yourself up for success when performing balance-based density determination of solids such as jewelry and precious metals. (Mettler Toledo)")
:quality(80)/images.vogel.de/vogelonline/bdb/1682500/1682579/original.jpg "The new XPR Analytical balance redesigned to meet the needs of laboratory technicians of working fast and lean. (Mettler Toledo)")
:quality(80)/images.vogel.de/vogelonline/bdb/1677000/1677080/original.jpg "Enhance your weighing accuracy, comfort and productivity with the redesigned XPR Analytical balance. (Mettler Toledo)")
:quality(80)/p7i.vogel.de/wcms/0c/c2/0cc2e842e7ebcce9dff1de0ea9e95378/0124983961v2.jpeg "Generative AI models like ChatGPT are now outperforming humans in emotional intelligence tests, according to new research from Unige and Unibe. (Source: free licensed)")
:quality(80)/p7i.vogel.de/wcms/4b/4f/4b4f5df72e3b8660efd8689625d1cab4/0128725383v2.jpeg "“We record an amazing number of signals when we study sleep,” Emmanuel Mignot said. He and James Zou mined sleep data and found those signals could predict disease. (Source: free licensed)")