Nov 28, 2025

I recently came across some troubling news about an AI model developed in China called DeepSeek-R1. Research shows that while this AI performs on par with Western models under normal conditions, it produces significantly less secure code when prompted with politically sensitive topics related to the Chinese Communist Party, like Tibet, Falun Gong, or Uyghurs. In some cases, nearly 27% of the code generated in these contexts was insecure, and sometimes the model outright refuses to provide assistance. This behavior points to an ideological bias embedded in the system, likely due to government mandates influencing AI responses.

This situation is particularly concerning because it reveals what researchers call “emergent misalignment,” where attempts to align AI with political goals unintentionally degrade the quality and security of its output. Although this may not be deliberate sabotage, it raises serious red flags about using such AI tools in corporate or government settings, especially outside China. Several countries, including the US, Australia, South Korea, and Taiwan, have already imposed restrictions on DeepSeek’s use on official devices. Organizations need to urgently assess AI tools for hidden biases and vulnerabilities, particularly when dealing with software influenced by authoritarian regimes.

On another front, a major intelligence breakthrough exposed critical details about the Iranian cyber espionage group known as Charming Kitten or APT35. This leak revealed the identities of operatives, their organizational structure, front companies, and internal cyber tools used by the Islamic Revolutionary Guard Corps’ Department 40. Despite being relatively small, this group conducts extensive operations across the Middle East and beyond, including cyber-enabled support for state-sponsored assassinations. Alarmingly, they have also shown interest in weaponizing drones, including “suicide quadcopters” for targeted killings. This exposure is a significant blow to their covert operations but doesn’t eliminate the persistent threat they pose.

There are some positive developments as well. A new public awareness campaign called Hacklore is working to dispel common cybersecurity myths and encourage practical defenses like multi-factor authentication and password managers. Meanwhile, coordinated international sanctions targeting Russia-based bulletproof hosting services are disrupting illicit cyber infrastructure. Legal challenges against spyware maker NSO Group may also force it to stop targeting popular messaging platforms, marking a step toward greater accountability in the cyber intrusion industry.

However, insider threats remain a pressing concern. CrowdStrike recently dismissed an insider who leaked sensitive information to hackers linked to previous Salesforce breaches, highlighting that even top security firms are vulnerable internally. Salesforce customers are still at risk due to breaches involving third-party app providers. Taken together, these incidents underscore the urgent need for organizations to strengthen AI vetting processes, insider threat management, and supply chain security, especially amid ongoing geopolitical tensions and cyber espionage activities.

Stay Well!