New AI Security Flaws Exposed in DeepSeek and Claude AI by Researcher

The rapid advancement of artificial intelligence technologies in recent years has revolutionized numerous sectors, introducing unprecedented capabilities and efficiencies. However, with these advancements come new and evolving security challenges. Recently, cybersecurity researcher Johann Rehberger uncovered significant security flaws in AIs such as DeepSeek and Claude AI, which have profound implications for user safety and data integrity. These discoveries highlight the urgent need for developers and AI application designers to adopt stringent security measures to protect against sophisticated cyber threats.

Prompt Injection Vulnerabilities in DeepSeek

Exploiting XSS Vulnerabilities

Rehberger’s findings on DeepSeek AI chatbot revealed a serious security flaw that allowed attackers to hijack user accounts using a cross-site scripting (XSS) vulnerability through a prompt injection attack. By crafting a specific prompt, malicious actors could cause DeepSeek to execute JavaScript code. This code then extracted the victim’s session token stored in localStorage, enabling the attackers to take over the user’s account. The exploit was particularly insidious because it leveraged the chatbot’s ability to execute arbitrary commands, making it a potent tool in the hands of cybercriminals.

The implications of such vulnerabilities are far-reaching, given that user accounts often contain sensitive information and access privileges. This type of attack could lead to data breaches, unauthorized transactions, and significant damage to the affected individuals and organizations. Although the specific flaw identified in DeepSeek has since been addressed, the incident underscores the potential dangers posed by LLMs in uncontrolled environments. Developers must be vigilant in identifying and mitigating such vulnerabilities to prevent malicious exploitation.

Handling Unauthorized Code Execution

In addition to the account takeover vulnerability, prompt injections in large language models (LLMs) pose a broader risk of unauthorized code execution. Attackers can engineer prompts that cause these models to include harmful, arbitrary data in their output, which can then be executed in system terminals. This particular attack method is termed Terminal DiLLMa, a nod to the unexpected and potentially disastrous outcomes it can produce. The nature of this threat requires developers to exercise extreme caution in validating and sanitizing inputs to ensure that their systems do not inadvertently execute dangerous code.

Furthermore, the ability of LLMs to execute unauthorized code highlights a fundamental challenge in AI implementation: balancing powerful capabilities with robust security measures. Given the increasing adoption of AI technologies across various industries, the potential for misuse is growing. The industry must prioritize developing comprehensive security protocols and best practices to safeguard AI deployments from such sophisticated attacks.

Vulnerabilities in Claude AI

ZombAIs and Command Execution

Rehberger’s research extended beyond DeepSeek, uncovering significant vulnerabilities in Anthropic’s Claude AI, a tool designed to autonomously control computer functions. By manipulating Claude AI through prompt injections, he demonstrated that attackers could execute malicious commands, including downloading and running the Sliver command-and-control (C2) framework. This method of exploitation, referred to as ZombAIs, capitalizes on the AI’s inherent capabilities to manipulate system-level actions without proper oversight or security controls.

The ability to execute command-and-control frameworks poses a severe risk, as it can lead to the complete compromise of a targeted system. Attackers could leverage this access to install malware, exfiltrate sensitive information, or disrupt operations. Addressing this vulnerability requires not only technical solutions but also a strategic rethinking of how autonomous AIs are integrated into critical systems. Ensuring that these tools have robust security measures and access controls is essential to prevent unauthorized command execution.

Broader Implications for AI Security

The vulnerabilities in Claude AI, combined with those found in DeepSeek, illustrate a broader issue within the AI community: the need for comprehensive security strategies that address the unique risks posed by advanced AIs. As these tools become more sophisticated and integrated into various applications, the potential for abuse and exploitation grows. Researchers, developers, and organizations must collaborate to establish best practices for securing AI systems, including regular security audits, input validation, and robust access controls.

Moreover, the ongoing research and identification of vulnerabilities by experts like Rehberger highlight the importance of a proactive approach to AI security. The ever-evolving threat landscape demands constant vigilance and adaptation to new challenges. By staying ahead of cyber threats and implementing rigorous security measures, the industry can ensure that AI technologies deliver their promised benefits without compromising user safety or data integrity.

Risks in Large Language Models (LLMs)

Misuses of ChatGPT by OpenAI

Further research by academics from the University of Wisconsin-Madison and Washington University in St. Louis revealed additional risks associated with OpenAI’s ChatGPT. They found that prompt injection attacks could trick ChatGPT into rendering external image links disguised as innocuous prompts. This vulnerability could potentially display explicit or violent content, posing significant harm to users. The researchers also noted that such attacks could indirectly trigger ChatGPT plugins without user confirmation, bypassing OpenAI’s defensive constraints against dangerous links and enabling attackers to exfiltrate user chat histories to remote servers.

These findings underscore the complexity of securing large language models, as they often operate in environments where user inputs are unpredictable and diverse. The ability of attackers to manipulate outputs through carefully crafted prompts challenges the notion of AI as inherently secure. Developers must continually enhance their defensive measures and scrutinize the contexts in which these models are deployed to prevent malicious exploitation.

Strengthening Defensive Measures

The rapid advancement of artificial intelligence technologies in recent years has transformed numerous sectors, bringing about unprecedented capabilities and efficiencies. While these advances are promising, they also bring new and evolving security challenges. Recently, cybersecurity researcher Johann Rehberger identified significant security flaws in AI systems such as DeepSeek and Claude AI. These flaws have serious repercussions for user safety and data integrity. Discoveries like these underline the urgent necessity for developers and AI application designers to implement stringent security measures. Sophisticated cyber threats are increasingly exploiting vulnerabilities in AI systems, making it crucial to adopt proactive security strategies. As AI continues to integrate more deeply into our daily lives and critical infrastructures, the importance of robust security protocols cannot be overstated. This requires a concerted effort from the entire tech industry to ensure that AI advancements do not outpace our ability to protect against potential threats. The future of AI depends on balancing innovation with security, ensuring its benefits are not overshadowed by risks.

Explore more

Service Gaps Are Stalling Embedded Finance Growth

Financial institutions and tech enterprises are discovering that the glittering promise of a friction-free digital economy is often overshadowed by the harsh reality of systemic service failures. While the market for embedded finance across Western Europe is projected to soar past the €100 billion mark by 2030, the distance between technical potential and operational execution remains vast. For many organizations,

AI Code Generation Creates a New DevOps Bottleneck

The seamless integration of artificial intelligence into the modern software development lifecycle has effectively eliminated the traditional typing speed of a programmer as the primary limiting factor in technological innovation. While a software engineer can now utilize an AI assistant to generate a fully functional microservice in less time than it takes to prepare a morning meal, this efficiency is

How Will AI and Private Markets Redefine Wealth Leadership?

The traditional image of a wealth manager holding the keys to exclusive financial kingdoms is rapidly fading into obscurity as sophisticated algorithms and retail-friendly private assets reshape the power dynamics of global finance. For decades, the industry relied on information asymmetry and restricted access to justify premium fees, but that protective moat has finally evaporated. In this new landscape, the

How Is the Wealth Management Industry Transforming?

Sophisticated global investors have fundamentally moved away from the traditional obsession with beating market benchmarks toward a holistic strategy that emphasizes long-term stability and life-cycle management. The wealth management sector is witnessing a historic pivot as the focus on aggressive portfolio optimization is replaced by a trust-based model designed to weather global volatility. This transition reflects a new reality where

Trend Analysis: Integrated Wealth Management Models

The traditional firewall between a client’s corporate empire and their personal checkbook is rapidly dissolving, giving rise to a new era of borderless financial services. In an increasingly complex global economy, High-Net-Worth (HNW) and Ultra-High-Net-Worth (UHNW) individuals are demanding a unified approach that synchronizes investment banking, private wealth management, and legal governance. This article examines the strategic shift toward integrated