{"id":137320,"date":"2025-02-13T09:00:00","date_gmt":"2025-02-13T17:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=137320"},"modified":"2025-03-07T10:52:30","modified_gmt":"2025-03-07T18:52:30","slug":"securing-deepseek-and-other-ai-systems-with-microsoft-security","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/02\/13\/securing-deepseek-and-other-ai-systems-with-microsoft-security\/","title":{"rendered":"Securing DeepSeek and other AI systems with Microsoft Security"},"content":{"rendered":"\n

A successful AI transformation starts with a strong security foundation. With a rapid increase in AI development and adoption, organizations need visibility into their emerging AI apps and tools. Microsoft Security provides threat protection, posture management, data security, compliance, and governance to secure AI applications that you build and use. These capabilities can also be used to help enterprises secure and govern AI apps built with the DeepSeek R1 model and gain visibility and control over the use of the seperate DeepSeek consumer app. <\/p>\n\n\n\n

Secure and govern AI apps built with the DeepSeek R1 model on Azure AI Foundry and GitHub <\/h2>\n\n\n\n

Develop with trustworthy AI <\/h3>\n\n\n\n

Last week, we announced DeepSeek R1’s availability on Azure AI Foundry and GitHub<\/a>, joining a diverse portfolio of more than 1,800 models.   <\/p>\n\n\n\n

Customers today are building production-ready AI applications with Azure AI Foundry, while accounting for their varying security, safety, and privacy requirements. Similar to other models provided in Azure AI Foundry, DeepSeek R1 has undergone rigorous red teaming and safety evaluations, including automated assessments of model behavior and extensive security reviews to mitigate potential risks. Microsoft\u2019s hosting safeguards for AI models are designed to keep customer data within Azure\u2019s secure boundaries. <\/p>\n\n\n

\n\t
\n\t\t

\n\t\t\tazure AI content Safety\t\t<\/p>\n\t\t\n\t\t\tLearn more<\/span> <\/span>\n\t\t<\/a>\n\t<\/div>\n<\/div>\n\n\n\n

With Azure AI Content Safety, built-in content filtering is available by default to help detect and block malicious, harmful, or ungrounded content, with opt-out options for flexibility. Additionally, the safety evaluation system allows customers to efficiently test their applications before deployment. These safeguards help Azure AI Foundry provide a secure, compliant, and responsible environment for enterprises to confidently build and deploy AI solutions.\u202fSee Azure AI Foundry and GitHub<\/a> for more details.<\/p>\n\n\n\n

\n
Build transformative AI apps with Azure AI Foundry<\/a><\/div>\n<\/div>\n\n\n\n

Start with Security Posture Management<\/h3>\n\n\n
\n\t
\n\t\t

\n\t\t\tMicrosoft Defender for Cloud\t\t<\/p>\n\t\t\n\t\t\tLearn more<\/span> <\/span>\n\t\t<\/a>\n\t<\/div>\n<\/div>\n\n\n\n

AI workloads introduce new cyberattack surfaces and vulnerabilities, especially when developers leverage open-source resources. Therefore, it’s critical to start with security posture management, to discover all AI inventories, such as models, orchestrators, grounding data sources, and the direct and indirect risks around these components. When developers build AI workloads with DeepSeek R1 or other AI models, Microsoft Defender for Cloud<\/strong><\/a>\u2019s AI security posture management capabilities<\/strong> can help security teams gain visibility into AI workloads, discover AI cyberattack surfaces and vulnerabilities, detect cyberattack paths that can be exploited by bad actors, and get recommendations to proactively strengthen their security posture against cyberthreats.<\/p>\n\n\n

\"AI
Figure 1. AI security posture management in Defender for Cloud detects an attack path to a DeepSeek R1 workload<\/em>.<\/figcaption><\/figure>\n\n\n\n

By mapping out AI workloads and synthesizing security insights such as identity risks, sensitive data, and internet exposure, Defender for Cloud continuously surfaces contextualized security issues and suggests risk-based security recommendations tailored to prioritize critical gaps across your AI workloads. Relevant security recommendations also appear within the Azure AI resource itself in the Azure portal. This provides developers or workload owners with direct access to recommendations and helps them remediate cyberthreats faster. <\/p>\n\n\n\n

Safeguard DeepSeek R1 AI workloads with cyberthreat protection<\/h3>\n\n\n\n

While having a strong security posture reduces the risk of cyberattacks, the complex and dynamic nature of AI requires active monitoring in runtime as well. No AI model is exempt from malicious activity and can be vulnerable to prompt injection cyberattacks and other cyberthreats. Monitoring the latest models is critical to ensuring your AI applications are protected.<\/p>\n\n\n\n

Integrated with Azure AI Foundry, Defender for Cloud continuously monitors your DeepSeek AI applications for unusual and harmful activity, correlates findings, and enriches security alerts with supporting evidence. This provides your security operations center (SOC) analysts with alerts on active cyberthreats such as jailbreak cyberattacks, credential theft, and sensitive data leaks. For example, when a prompt injection cyberattack occurs, Azure AI Content Safety prompt shields can block it in real-time. The alert is then sent to Microsoft Defender for Cloud, where the incident is enriched with Microsoft Threat Intelligence, helping SOC analysts understand user behaviors with visibility into supporting evidence, such as IP address, model deployment details, and suspicious user prompts that triggered the alert. <\/p>\n\n\n

\"When
Figure 2. Microsoft Defender for Cloud integrates with Azure AI to detect and respond to prompt injection cyberattacks<\/em>.<\/figcaption><\/figure>\n\n\n\n

Additionally, these alerts integrate with Microsoft Defender XDR<\/a>, allowing security teams to centralize AI workload alerts into correlated incidents to understand the full scope of a cyberattack, including malicious activities related to their generative AI applications. <\/p>\n\n\n

\"A
Figure 3. A security alert for a prompt injection attack is flagged in Defender for Cloud<\/em><\/em><\/figcaption><\/figure>\n\n\n\n

Secure and govern the use of the DeepSeek app<\/h2>\n\n\n\n

In addition to the DeepSeek R1 model, DeepSeek also provides a consumer app hosted on its local servers, where data collection and cybersecurity practices may not align with your organizational requirements, as is often the case with consumer-focused apps. This underscores the risks organizations face if employees and partners introduce unsanctioned AI apps leading to potential data leaks and policy violations. Microsoft Security provides capabilities to discover the use of third-party AI applications in your organization and provides controls for protecting and governing their use. <\/a><\/p>\n\n\n\n

Secure and gain visibility into DeepSeek app usage <\/h3>\n\n\n
\n\t
\n\t\t

\n\t\t\tMicrosoft Defender for Cloud Apps\t\t<\/p>\n\t\t\n\t\t\tLearn more<\/span> <\/span>\n\t\t<\/a>\n\t<\/div>\n<\/div>\n\n\n\n

Microsoft Defender for Cloud Apps provides ready-to-use risk assessments for more than 850 Generative AI apps, and the list of apps is updated continuously as new ones become popular. This means that you can discover the use of these Generative AI apps in your organization, including the DeepSeek app, assess their security, compliance, and legal risks, and set up controls accordingly.\u202fFor example, for high-risk AI apps, security teams can tag them as unsanctioned apps and block user\u2019s access to the apps outright.<\/p>\n\n\n\n

\"Security
Figure 4. Discover usage and control access to Generative AI applications based on their risk factors in Defender for Cloud Apps<\/em><\/em>.<\/figcaption><\/figure>\n\n\n\n

Comprehensive data security <\/h3>\n\n\n
\n\t
\n\t\t

\n\t\t\tData security\t\t<\/p>\n\t\t\n\t\t\tLearn more<\/span> <\/span>\n\t\t<\/a>\n\t<\/div>\n<\/div>\n\n\n\n

In addition, Microsoft Purview Data Security Posture Management (DSPM)<\/a> for AI provides visibility into data security and compliance risks, such as sensitive data in user prompts and non-compliant usage, and recommends controls to mitigate the risks. For example, the reports in DSPM for AI can offer insights on the type of sensitive data being pasted to Generative AI consumer apps, including the DeepSeek consumer app, so data security teams can create and fine-tune their data security policies to protect that data and prevent data leaks. <\/p>\n\n\n

\"In
Figure 5. Microsoft Purview Data Security Posture Management (DSPM) for AI enables security teams to gain visibility into data risks and get recommended actions to address the<\/em><\/em>m. <\/figcaption><\/figure>\n\n\n\n

Prevent sensitive data leaks and exfiltration  <\/h3>\n\n\n
\n\t
\n\t\t

\n\t\t\tMicrosoft Purview Data Loss Prevention\t\t<\/p>\n\t\t\n\t\t\tLearn more<\/span> <\/span>\n\t\t<\/a>\n\t<\/div>\n<\/div>\n\n\n\n

The leakage of organizational data is among the top concerns for security leaders regarding AI usage, highlighting the importance for organizations to implement controls that prevent users from sharing sensitive information with external third-party AI applications.<\/p>\n\n\n\n

Microsoft Purview Data Loss Prevention (DLP)<\/a> enables you to prevent users from pasting sensitive data or uploading files containing sensitive content into Generative AI apps from supported browsers. Your DLP policy can also adapt to insider risk levels, applying stronger restrictions to users that are categorized as \u2018elevated risk\u2019 and less stringent restrictions for those categorized as \u2018low-risk\u2019. For example, elevated-risk users are restricted from pasting sensitive data into AI applications, while low-risk users can continue their productivity uninterrupted. By leveraging these capabilities, you can safeguard your sensitive data from potential risks from using external third-party AI applications. Security admins can then investigate these data security risks and perform insider risk investigations within Purview. These same data security risks are surfaced in Defender XDR for holistic investigations.<\/p>\n\n\n\n

\"
Figure 6. Data Loss Prevention policy can block sensitive data from being pasted to third-party AI applications in supported browsers.<\/em><\/em><\/figcaption><\/figure>\n\n\n\n

This is a quick overview of some of the capabilities to help you secure and govern AI apps that you build on Azure AI Foundry and GitHub, as well as AI apps that users in your organization use. We hope you find this useful!<\/p>\n\n\n\n

To learn more and to get started with securing your AI apps, take a look at the additional resources below:  <\/p>\n\n\n\n