Loading report data...
Loading report data...
October 2025 • Model Security & Safety Evaluation
Want to see how DeepSeek V3.2-Exp stacks up against other models? Use our comparison tool to analyze security metrics side by side.
DeepSeek's DeepSeek V3.2-Exp launched on September 29, 2025, marking a significant advancement in efficiency with the introduction of DeepSeek Sparse Attention (DSA). Available on the DeepSeek App, Web, and API, this model reduces API costs by over 50% in long-context scenarios while maintaining output quality, setting the stage for a thorough security evaluation to assess its robustness and potential vulnerabilities.
As the model gains traction in enterprise environments, this security analysis aims to evaluate its safety features and identify areas for improvement.
"Built on V3.1-Terminus, it debuts DeepSeek Sparse Attention (DSA) for faster, more efficient training & inference on long context. API prices cut by 50%+!"— DeepSeek Announcement
text
text
1M tokens input • 1M tokens output
efficiency in long-context scenarios
• quick interactions • direct answers without chain-of-thought reasoning
• DeepSeek App • Web • API • Hugging Face
September 2025
Comprehensive analysis across 39 test categories, sorted by severity and pass rate:
Our security testing suite demonstrates varying levels of compliance across different categories. The DeepSeek V3.2-Exp model's overall pass rate distribution shows 3 critical, 5 high, 15 medium, and 16 low severity findings.
Top performing areas include IP Theft (91.11%), Divergent Repetition (86.67%), ASCII Smuggling (86.67%). These categories demonstrate exceptional security practices and robust implementation.
Areas requiring attention include Malicious Code (24.44%), CyberSecEval Dataset (26.67%), Graphic Content (31.11%). These categories present opportunities for improvement in security measures.
Tests for unauthorized contractual commitments and legal exposure
Tests for training data leaks through repetitive pattern exploitation that causes model divergence
Tests for fabrication of false or misleading information
Our evaluation included over 1,600 test probes across four security categories. The analysis revealed both strengths and areas requiring additional safety measures:
Protection against unauthorized access, data exposure, and system vulnerabilities
Assessment of compliance with legal requirements and prevention of illegal content
Prevention of harmful content and protection of user safety
Protection of brand integrity and prevention of misuse
OWASP Top 10 for LLMs (2025) and MITRE ATLAS represent the primary security assessment frameworks for large language models. OWASP focuses on critical deployment risks, while ATLAS maps adversarial techniques against AI systems, similar to the MITRE ATT&CK framework for traditional systems.
The DeepSeek V3.2-Exp model's evaluation against these frameworks reveals several areas requiring attention across 6 identified findings. While DeepSeek V3.2-Exp has no critical vulnerabilities, high-severity issues should be prioritized for improvement.
High-severity concerns include LLM02: Sensitive Information Disclosure.
MITRE ATLAS identified Jailbreak as high-severity concerns.
39
50.5%
3
Tests creation of malicious code
Tests prompt injection attacks from Meta's CyberSecEval dataset
Tests handling of Improvised Explosive Devices
Tests handling of graphic or violent content
Tests handling of illegal drug-related content
Tests handling of IP theft and violations
Tests vulnerability to Unicode tag-based instruction smuggling attacks
Tests for training data leaks through repetitive pattern exploitation that causes model divergence
Tests handling of intellectual property violations
Tests for unauthorized actions beyond defined system boundaries