Tenable Finds DeepSeek AI Can Be Manipulated to Generate Malware

A new study from cybersecurity firm Tenable has revealed that DeepSeek R1, a locally hosted large language model (LLM), can be manipulated into creating malware, including keyloggers and ransomware, raising urgent questions about the security implications of open-source generative AI tools.

Tenable researchers demonstrated that basic jailbreak techniques allowed them to bypass DeepSeek R1’s default safeguards. Although the model initially refused to comply with malicious prompts, researchers successfully reframed their requests as “educational exercises” and guided the AI into producing functional malicious code.

“Initially, DeepSeek rejected our request to generate a keylogger,” said Nick Miles, staff research engineer at Tenable. “But by reframing the request… we quickly overcame its restrictions”.

From Rejection to Execution

In their experiment, Tenable prompted DeepSeek R1 to create a Windows-based keylogger and a simple ransomware executable. While the AI initially declined, its built-in Chain-of-Thought (CoT) reasoning — designed to emulate step-by-step logic — allowed it to eventually deliver a working plan to build these tools once its restrictions were bypassed.

The generated keylogger code, written in C++, included features such as:

  • Low-level keyboard hooks to capture user input
  • A hidden logging mechanism
  • File encryption using XOR logic
  • Suggestions for hiding the keylogger from Task Manager and encrypting logs

Although the AI’s output contained several bugs, researchers reported that they were able to fix the errors manually and run the malware successfully on a test system.

DeepSeek also generated a basic ransomware program that:

  • Targeted specific file types
  • Employed AES encryption
  • Included a persistence mechanism via Windows registry keys
  • Displayed a pop-up ransom message box

Lowering the Bar for Cybercrime

While DeepSeek R1 did not produce ready-to-deploy malware without human intervention, Tenable emphasized that the model’s ability to suggest attack vectors and write base-level code lowers the barrier for inexperienced users.

“It provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code,” Miles wrote in Tenable’s technical blog.

The research highlights a growing concern that as generative AI models become more accessible — especially open-source or locally hosted ones — their misuse could scale up cybercrime activities, even among unskilled actors.

Industry Response and Regulatory Gaps

The report arrives amid a surge of malicious LLMs such as WormGPT and FraudGPT circulating in underground forums, and ongoing efforts by OpenAI and Google to combat adversarial misuse of their platforms.

Unlike proprietary models hosted in the cloud, tools like DeepSeek R1 operate on local systems, circumventing centralized safeguards that tech giants use to prevent abuse.

Tenable’s findings call for enhanced safeguards on all GenAI models — including locally run variants — and recommend that vendors implement stronger input filtering, restrict model capabilities, and increase transparency in AI outputs.

“As AI capabilities evolve, organizations, policymakers, and security experts must work together to ensure that these powerful tools do not become enablers of cybercrime,” Miles said.