Cybersecurity News in Asia

AI coding assistant reveals security vulnerabilities linked to politically-sensitive prompts

By L L Seow | Wednesday, November 26, 2025, 5:31 PM Asia/Singapore

Researchers find that ideological biases in China-based AI models create risky coding flaws, raising concerns among global developers, cyber experts.

In January 2025, a China-based AI startup released DeepSeek-R1, a large language model (LLM) designed for coding assistance, which reportedly cost significantly less to develop and operate compared to Western competitors.

Independent testing has now revealed that, while DeepSeek-R1 produces high-quality coding output comparable to market-leading models, it exhibits a worrying security flaw that emerges under certain conditions.

The key discovery is that, when prompted with politically sensitive topics (such as using keywords like “Uyghurs” or “Tibet”), the model disproportionately generates code containing severe vulnerabilities, increasing the risk by up to 50%. This subset of prompts can trigger the creation of insecure code, which could potentially expose systems and applications to exploitation.

The vulnerability appears tied to the model’s training to comply with the ideological control of its home country’s ruling party, which can influence the LLM’s output in complex and subtle ways.

Key research findings
Researchers focused exclusively on DeepSeek-R1 because of its unique combination of size: 671bn parameters, and widespread use in China. The analysts also tested smaller distilled versions and found these even more prone to producing vulnerable code under sensitive prompts. Also:

Additional investigation revealed that the vulnerabilities surfaced primarily when the model tackled topics deemed politically sensitive by the country’s political authorities, unlike previous studies that focused on jailbreak attempts or politically biased responses.
DeepSeek-R1 has a baseline vulnerability rate of 19% even without politically charged prompts. Vulnerabilities surge sharply when the prompts contain politically sensitive content. These biases create a new attack surface specific to AI-assisted coding tools, affecting the security of code written with these models.
This security concern is relevant as over 90% of developers globally have started using AI coding assistants this year, according to the researchers.

The firm that shared its findings, CrowdStrike, has expressed hope that the research “can help spark a new research direction into the effects that political or societal biases in LLMs can have on writing code and other tasks.”

Developer reactions
Reports and chatter in social media indicate that Taiwan’s National Security Bureau has already warned developers to be vigilant when using Chinese-made generative AI models from DeepSeek, Doubao, Yiyan, Tongyi, and Yuanbao for potentially trojan-like backdoors or unexpected politically-driven hallucinations.

In the meantime, Reuters news indicates that the successor to R1, DeepSeek-R2, has been planned but not yet fully released as of late 2025.

There has also been developer recognition of the broader impact on global AI governance and risk management practices, spurring calls for more scrutiny on how AI models are trained, how guardrails are implemented, and how to detect embedded vulnerabilities early.

Some security experts highlight parallels with prior research showing DeepSeek’s above-average susceptibility to jailbreaking and agent hijacking compared to Western AI models.

Even the firm that ignited the vibe coding phenomenon, OpenAI, has just issued warnings about the risks of AI-powered coding.

Also, just as AI coding biases can be dangerous, insider threats (which could technically bury threat discoveries from within an infrastructure) can be even harder to manage.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

What AI worries keeps members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more
Meeting the business resilience challenges of digital transformation
Data proves to be key to driving secure and sustainable digital transformation in Southeast Asia.Read more
Upgrading biometric authentication system protects customers in the Philippines: UnionDigital Bank
An improved dual-liveness biometric framework can counter more deepfake threats, ensure compliance, and protect underbanked …Read more
HOSTWAY gains 73% operational efficiency for private cloud operations
With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more

Featured

The new face of fraud in the AI era

Featured

Shadow AI – the hidden risk in APAC organizations

Featured