Huawei has created a version of the artificial intelligence model DeepSeek that is deemed “safe” by the Chinese government’s standards. This means that it will not generate “toxic and harmful speech, politically sensitive content, and incitement to illegal behavior.”
The Chinese tech giant teamed up with Zhejiang University to develop “DeepSeek-R1-Safe” using its Ascend 1000 accelerator chips. Engineers developed a post-training framework that blocks nearly 100% of 14 common malicious threats and achieves over 40% success against jailbreak attempts, including role-playing and encrypted coding attacks.
How DeepSeek-R1-Safe measures up
The model’s AI capabilities are within 1% of the original DeepSeek-R1 for benchmarks in depth of knowledge, mathematical reasoning, and counterfactual text generation. The latter is a measure of how well it can imagine convincing alternatives to real facts, helping it tackle hypothetical scenarios. DeepSeek-R1-Safe also beats Alibaba Cloud’s Qwen3-235B and DeepSeek-R1-671B in “security defense capability.”
Interestingly, just over a month ago, the Financial Times reported that DeepSeek attempted to base its R2 model on Huawei silicon but was unable to do so due to technical issues and, therefore, had to revert to Nvidia hardware. Huawei appears to have succeeded where DeepSeek failed by creating its equivalent with the Ascend 1000 chips. This will please the Chinese government, which is working to wean domestic tech companies off Nvidia.
DeepSeek-R1-Safe represents the first large-scale model trained on a 1,000-calorie cluster to come out of China. Huawei and Zhejiang University have open-sourced the model across multiple platforms, including GitHub, GitCode, ModelZoo, Gitee, and ModelScope. DeepSeek does not appear to have been involved in the project.
More must-read AI coverage
China and the US are scrutinising DeepSeek’s output
Back in July, the Financial Times reported that the Cyberspace Administration of China was reviewing Chinese AI models, such as by asking them questions about politically sensitive topics and Chinese President Xi Jinping, to ensure they “embody core socialist values.” It published a set of rules just a few days prior, defining what their output could and could not say.
DeepSeek’s content has also been under scrutiny outside of China. In April, a report from the US found it actively suppressed more than 85% of responses related to human rights, democracy, Taiwan, or Hong Kong. Research from the American AI startup Anthropic also found that, more often than not, DeepSeek-R1 conceals the real factors that influence its answers. This is on top of a long list of security issues that have come to light since the first model was launched in January.
When DeepSeek released its powerful, low-cost R1 model, comparable to OpenAI’s o1, energy company stock prices plunged. Investors feared the technology would spread across the industry and significantly reduce future demand for data centre energy. Stocks in Nvidia and Microsoft also took a hit, as investor confidence in the US AI makers dipped.
US authorities embedded location-tracking devices in select shipments of servers containing high-performance AI chips in an effort to monitor potential diversions to China.