DeepSeek-R1’s release has ignited discussions on AI security, innovation, and control. While its open-source approach is disruptive, it also highlights serious security gaps—from exposed databases to vulnerabilities in model safeguards. The rapid progress of AI models like DeepSeek reveals how little we still understand about AI’s limits, making continuous security assessments essential. The real battle, however, is not open vs. closed AI, but who controls the application layer. The key takeaway? Enterprises must assess AI security rigorously including and even especially for open source model, plan for ongoing disruption, and invest in AI-powered applications rather than just models. » READ MORE

I was thinking about how to improve this section and aiming for something a little bit more actionable. I wanted to stop have a long blurb of text to start the newsletter and have something a bit more practical. Below is a first example, so keen to get feedback (you can leave a comment at the bottom of the page or just reply to this email) - including the usage of emoticon vs proper icon? the level of detail in the summary? is an actual visualization better?
I want to automate this so that might become my 2025 coding project 😃

Security risks in open-source AI are unavoidable.

We don’t know what we don’t know—there’s still "slack" in AI development.

The real battle isn’t open vs. closed—it’s who controls the application layer.

DeepSeek’s Open Database Incident
A major security lapse came to light when Wiz Research discovered a publicly accessible DeepSeek database, exposing over a million lines of chat history, secret keys, and operational metadata. The database was left completely open, allowing unauthorized access to internal data. While this is not an AI-specific security flaw, it highlights the persistent issue of basic security hygiene in fast-moving tech environments. It also serves as a reminder that when you drive innovation, you inevitably attract scrutiny—both from security researchers and potential adversaries.

Red Teaming Reports Confirm High Vulnerability
Security assessments have painted an alarming picture. DeepSeek-R1 was found to be:

DeepSeek Innovation Appeared Out of Nowhere—And It Won’t Be the Last
The AI industry has been conditioned to believe that massive compute budgets are necessary to build competitive models. Yet, DeepSeek’s claimed $5M training cost—compared to the hundreds of millions OpenAI and Anthropic spend—suggests that optimization, not just raw compute, is the key to breakthroughs^*.

The Next Leap Is Always Around the Corner
DeepSeek’s ability to match or even outperform top-tier proprietary models in certain benchmarks highlights that progress is not linear. The AI space will continue to see unexpected jumps in capability, and organizations should plan for continuous disruption, not stability.

Security Will Always Be Playing Catch-Up
If AI progress is unpredictable, AI security must be adaptive. Traditional security frameworks assume static attack surfaces—but AI is constantly evolving, meaning defenses must be built for a moving target.

AI Models Are Becoming the New Operating Systems
DeepSeek, OpenAI, and Meta’s Llama all point to the same future: AI models are infrastructure, not end products. Just like Windows, macOS, and Linux serve as the foundation for an application ecosystem, AI models will be the backbone for the next wave of digital products.

Will the Infrastructure Players Win?
Microsoft, Google, and Amazon aren’t just focused on building the best models—they’re striving to own the platforms where AI models are deployed. But does this guarantee their dominance? The real battle lies in who will ultimately control the tools, APIs, and integrations that businesses depend on. Will infrastructure players maintain their edge, or will new challengers disrupt their position?

DeepSeek’s Strategic Play? Market Disruption Through Open-Source
The open-source strategy isn’t new—it’s a classic market disruption tactic. By offering high-performance AI at a fraction of the cost, DeepSeek is forcing companies to adapt or risk losing relevance. This strategy mirrors what China did in cloud computing—offering aggressively priced alternatives to dominate market share before regulation catches up.

Conduct thorough AI risk assessments before integrating open-source models.

Security is not optional—expect aggressive adversarial testing on any AI system.

AI innovation will keep accelerating—build risk strategies that assume continuous disruption.

The application layer is where the real value is—focus on AI-powered solutions, not just raw models.

EPSSg model scales exploit predictions across various data slices, enhancing vulnerability management.

Calculating ΔEPSSg scores identifies high-impact CVE removals, optimizing remediation strategies.

Overlaying asset attributes with EPSSg distribution provides deeper insights into risk posture.

Regular recalculation of EPSSg scores ensures accurate and up-to-date risk assessments.

EPSSg model offers a quantitative shift-left approach, improving vulnerability management focus.

EPSSg facilitates targeted, organization-specific vulnerability management strategies for risk reduction.

Integrating EPSSg with CVSS and qualitative attributes enriches risk assessment comprehensiveness.

EPSSg model emphasizes continuous improvement through feedback loops in risk management.

Visualization of asset EPSSg distribution prioritizes effective remediation efforts.

EPSSg model supports a hybrid quantitative-qualitative risk assessment approach for better insights.

AI enhances vulnerability detection accuracy, reducing manual efforts and improving security focus.

Automated instruction optimization minimizes human error, refining AI model performance.

Context-specific scores, not just CVSS and EPSS, are crucial for effective vulnerability prioritization.

AI-powered library matching relies on advanced reasoning and industry expertise.

Ground truth datasets fine-tune AI models, boosting accuracy and reliability.

Topic modeling clusters libraries, enhancing vulnerability prioritization by shared service contexts.

Efficient AI systems transform vulnerability management, focusing on critical security triage.

Iterative methods optimize LLM prompts, refining AI accuracy and efficiency.

Understanding library dependencies is essential for effective vulnerability management.

Component and topic scores prioritize vulnerabilities, aiding focused security efforts.

AI's dual-use nature offers benefits and risks, necessitating responsible development.

Threat actors find productivity gains using AI but lack novel capabilities.

Current AI models do not yet enable breakthrough capabilities for threat actors.

Iranian and Chinese APT actors are the heaviest users of Gemini.

Generative AI allows faster, higher volume operations for skilled threat actors.

AI misuse remains a concern, but current models limit breakthrough capabilities.

Government-backed threat actors use Gemini for various attack lifecycle phases.

AI systems must balance societal benefits with addressing potential misuse challenges.

Financially motivated actors use AI for business email compromise operations.

Google's Secure AI Framework (SAIF) aims to secure AI systems conceptually.