Prompted to Fail: The Security Risks Lurking in DeepSeek-Generated Code
CrowdStrike research into AI coding assistants reveals a new, subtle vulnerability surface: When DeepSeek-R1 receives prompts the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security flaws increases by up to 50%.
Stefan Stein, manager of the CrowdStrike Counter Adversary Operations Data Science team, joined Adam and Cristian for a live recording at Fal.Con 2025 to discuss how this project got started, the methodology behind the team’s research, and the significance of their findings.
The research began with a simple question: What are the security risks of using DeepSeek-R1 as a coding assistant? AI coding assistants are commonly used and often have access to sensitive information. Any systemic issue can have a major and far-reaching impact.
It concluded with the discovery that the presence of certain trigger words — such as mentions of Falun Gong, Uyghurs, or Tibet — in DeepSeek-R1 prompts can have severe effects on the quality and security of the code it produces. Unlike most large language model (LLM) security research focused on jailbreaks or prompt injections, this work exposes subtle biases that can lead to real-world vulnerabilities in production systems.
Tune in for a fascinating deep dive into how Stefan and his team explored the biases in DeepSeek-R1, the implications of this research, and what this means for organizations adopting AI.
--------
37:09
--------
37:09
Extortion Rises and Nation-State Activity Intensifies: The CrowdStrike 2025 European Threat Landscape Report
Europe is a prime target for global adversaries. There is a strong emphasis on eCrime across the region as well as a rise in hacktivism and espionage stemming from ongoing conflicts.
The CrowdStrike 2025 European Threat Landscape Report breaks down these trends. In this episode, Adam and Cristian cover the highlights.
They start with cybercrime, a major theme of the report. The five most targeted European nations were the U.K., Germany, Italy, France, and Spain, which also represent the region’s largest economies (excluding Russia). The most targeted sectors were manufacturing, professional services, technology, industrials and engineering, and retail. Adam explains how eCrime threat actors are looking for victims with a high need to stay operational.
“With manufacturing, if they’re knocked offline because of ransomware, they can count the downtime in dollars and cents,” he shares as an example.
On the nation-state front, Russia is top of mind. Since its invasion of Ukraine in 2022, many Russian threat actors who operated globally are more focused on Ukraine and areas related to the conflict. Adam and Cristian discuss reports of North Korean threat actors supporting the Russians with weapons and personnel, North Korea targeting Ukraine, and the tactics and techniques that stand out most.
The European threat landscape is crowded and complex. Tune in to understand the key findings, and download the full report for more details.
https://www.crowdstrike.com/en-us/resources/reports/2025-european-threat-landscape-report/
--------
27:00
--------
27:00
Thriving Marketplaces and Regional Threats: The CrowdStrike 2025 APJ eCrime Landscape Report
In the Asia Pacific and Japan (APJ) region, a burgeoning set of threat actors is emerging with a different language set, distinct tools, and an ecosystem where they interact with adversaries across the threat landscape.
The CrowdStrike 2025 APJ eCrime Landscape Report explores the trends and issues facing organizations operating in this part of the world. For example, criminal groups in APJ are focused on opportunistic big game hunting and primarily target organizations in manufacturing, technology, industrials and engineering, financial services, and professional services. The sale of phishing kits is popular, with some going for up to $1 million. These threat actors prefer phishing, spam campaigns, and remote access toolkits to enable their operations. And they often find them on thriving Chinese-language marketplaces, which enable the sale of illicit services.
While Eastern Europe is typically known as a hotbed of eCrime activity, the APJ region is one to watch. Tune in to hear Adam and Cristian discuss the key adversaries operating in the region, the threats that stand out to them, and how defenders can stay safe.
Read the report: 2025 APJ eCrime Landscape Report
Watch on YouTube: https://youtu.be/97javj3hmAA
--------
19:52
--------
19:52
A Brief History of Ransomware
Ransomware is not new, but the ransomware of today is very different from the ransomware of 1989. Today’s episode doubles as a history lesson, as Adam and Cristian look back at how a prolific global threat has evolved over the decades.
Gone are the days of malware arriving on floppy disks and victims waiting weeks to restore their systems in exchange for $200 ransom payments. “The early days of viruses were weird,” Adam points out. But much has changed since then. Several factors — the advent of cryptocurrency, the rise of enterprise targeting, and the shift to ransomware as a service — have caused the threat to transform. Today’s adversaries run ransomware like a business and collect hundreds of millions of dollars in payments.
The hosts reflect on the first ransomware to hit a business, the first to make news headlines, and the first major botnet operator to deploy ransomware, among other key events. Tune in for a discussion that spans years of ransomware evolution, highlights the key adversaries involved, and explains how businesses can defend themselves as the threat landscape continues to change.
This week’s episode arrives as Adam and Cristian are gearing up for Fal.Con, CrowdStrike’s annual event taking place next week in Las Vegas. They’ll be recording a live episode on some fascinating LLM research presented at the show, so stay tuned for that in a couple of weeks.
Amid their prep, they took the time to sit down for a conversation starting with a simple prompt: What are today’s security leaders and practitioners talking about? Their discussion sheds light on the industries hardest hit by nation-state and eCrime activity and explores why some sectors, like technology and telecommunications, are seeing a sharp spike in targeted intrusions while others are facing an increase in cybercrime.
Tune in to learn about shifts in Chinese cyber activity, what happens when an adversary sees another adversary in a target environment, and whether modern tech innovations will drive changes in cyber espionage.
Modern adversaries are relentless. Today’s threat actors target organizations around the world with sophisticated cyberattacks. Who are they? What are they after? And most importantly, how can you defend against them? Welcome to the Adversary Universe podcast, where CrowdStrike answers all of these questions — and more. Join our hosts, a pioneer in adversary intelligence and a specialist in cybersecurity technology, as they unmask the threat actors targeting your organization.
Österreich