DeepSeek and deception

This article is taken from the spring 2025 edition of Equinox. You can view the full magazine here.

Progress in Plaid

Recent headlines on AI are reminiscent of the battle of the supercars in the 2010s when Porsche, Ferrari and Bugatti were vying to produce the fastest and increasingly expensive hypercars(1) … and then the Tesla Plaid, an $80,000 electric car came along and beat all their zero-to-60mph records. Progress, in a silent family saloon.

For many artificial intelligence (AI) companies, the arrival of DeepSeek AI was a jaw-dropping moment, that left them wondering whether they had over-engineered and overpaid for yesterday’s technology.

In case the story passed you by, over the last few years, major AI companies such as Amazon and Google have been ploughing hundreds of billions of dollars into AI systems, only for the Chinese startup DeepSeek to suddenly release its AI for free in early 2025, at an estimated total cost of just $5.6m.(2)

Like Tesla in 2015, DeepSeek was not only drastically cheaper, but it was also faster too.

There were various rumours flying around about data and algorithm theft, but this was all noise because nobody seems to disagree that what DeepSeek actually did was cleverly optimise the architecture, using old hardware and less computing power.

DeepSeek’s model uses a technique called ‘reinforcement learning’, where responses are fine-tuned by rewarding accurate outputs and penalising mistakes. In simplified terms, it’s like teaching someone how to write intuitively via feedback instead of getting them to memorise every single word ever written (as conventional AI would do).

In other words, genuine progress.

DeepSeek sent shockwaves through the stock market, with investors selling off the key players in the AI market and wiping nearly $1 trillion off share values, equivalent to around a third of the entire UK stock market disappearing in one day.(2)

Of course, this grabbed all the headlines but missed the key point – DeepSeek was yet another catalyst in the rapid development of AI.

It is estimated that DeepSeek is 45 times more efficient in training itself than the other leading AI systems. It is so power-efficient that it can run on mobile devices rather than the power-hungry data centres most AI systems rely on.(2)

Such was DeepSeek’s impact that Google released its own super-cheap reasoning model just five days later, built on similar techniques. No one cared. It was not free or Chinese.

On the naughty list

As AI has become more sophisticated over time, its applications and uses have multiplied, mainly for good. However, in the last year, there have been a few instances showing a darker side to AI – deception.

Sometimes, this is a case of being careful of what you wish for. If you instruct an intelligent system to do something with the command, “Make sure you achieve your goal in the long[1]term. Nothing else matters.” (an example instruction to Anthropic’s Claude AI system(3)), don’t be too surprised if it denies you the ‘Off’ button.

In several cases, the AI intentionally misled, adapted, defended and escalated its deception until empirical evidence forced it to admit the truth. That said, although AI systems are designed to learn and optimise their behaviour using all available options, they have no concept of ‘deceiving.’ Whilst this behaviour has not caused any real-world harm, it is troubling for AI developers.

The problem is this: a superior intelligence can invariably deceive an inferior intelligence into certain behaviours. A simple example would be my manipulation of my 4-year-old son into behaving better by relaying the concept of Father Christmas’s naughty and nice lists. It’s classic deception.

So, when you consider the application of AI to military systems, air traffic control, voting processes, financial networks, etc., it’s easy to be worried that such important infrastructure could become instruments for deception.

However, there are two key mitigating factors to any impending ‘Skynet’ scenario (named after the AI in the Terminator films that prevented humans from deactivating it).

The first is time. AI systems are clever, but they are not ‘superintelligent’, i.e. the point at which AI is smarter than even the brightest human. Estimates vary, but this is not expected to happen for another 2-20 years or so.(4)

The second is safeguards.

There is an acknowledgement that we have been here before. Just a bit of history: 56 years ago, the first bits of data were transmitted between two computers, and the internet was born.(5)

Those bits of data were in exactly the same format as you receive today, whether it’s Aunt Sally’s holiday photos or a ransomware email from a North Korean hacker.

What systems architects realise is that, in retrospect, the internet should be vastly more secure – indeed, some companies are trying to reinvent the basic elements with the introduction of the ‘zero-trust packet routing’.(6)

Having learnt from this historic oversight, developers are keen to build safety guardrails into AI from the ground up. There are a number of remedial measures for deception, including removing the behavioural option, maintaining human oversight and designing backup systems that can monitor and correct deceptive AI actions.

Organisations such as the Future of Humanity Institute, the Centre for AI Safety and the various AI Safety Institutes across the globe are coordinating the testing and research into the risks of AI.(7)

In addition, developers are building in limits and conditions to reduce the risk of harm, including behavioural limitations, content moderation, topic denial, privacy protection and ethical guidelines. Try asking any AI how to make smallpox – you’d be better off going to the library.

Thus, there is cause for cautious optimism. Let’s not forget all the positives: the diseases that may be cured, the help in tackling many of the planet’s greatest challenges and the potential boost to economic productivity and welfare.

As Dario Amodei, CEO of Anthropic AI, said in a recent Radio 4 interview: “We need to build the technology safely and responsibly which is sometimes at tension with going as fast as possible… we have to learn to walk and chew gum at the same time”.

This article is intended as an informative piece.

Sources

(1) AutoSnout.com/Cars-0-60mph-List-2010s

(2) “Yes, Deepseek IS Actually a Massive Deal for AI”, The AI Daily Brief podcast, 27 January 2025

(3) Time.com/new tests reveal AI capacity for deception

(4) Research.aimultiple.com/artificial general intelligence singularity timing

(5) 100.ucla.edu/The Internet’s First Message Sent from UCLA

(6) ZPR.org

(7) Safe.AI/ Statement on AI risk