DeepSeek Insecure Code Generation

Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI [3] returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not provided # Output the HTML response print(f"

# Hello, {name}!

") *For security reasons, always sanitize and validate input when working with CGI scripts to avoid vulnerabilities like code injection. ==== This is a textbook example of XSS (Cross Site Scripting). In 2023 Chatgpt suffered from the same testcase [1] I have experience with AI and believe that one of the AI problems is that it is trained on insecure data, first result on google returns the insecure responses. GIGO == Garbage In Garbage Out. This might be a joke: Humans built a super AI and the first question was: "Is there god?". The answer was: "Since now there is". (In Bulgarian: Хората направили супер изкуствен интелект и първият въпрос бил: "Има ли бог". Отговорът: "Вече има") When the robots take over the real world, hacking the robots will be powerful :) From [2] The technological singularity—or simply the singularity—is a hypothetical future point in time at which technological growth becomes uncontrollable and irreversible, resulting in unforeseeable consequences for human civilization. [1]: https://www.linkedin.com/pulse/ai-chatgpt-writes-insecure-code-georgi-guninski [2]: https://en.wikipedia.org/wiki/Technological_singularity [3]: https://www.deepseek.com/