AI-generated chat messages are becoming a cornerstone of modern digital interaction. From customer support to creative writing, platforms like ChatGPT, Gemini, and DeepSeek have quickly gained popularity. However, as we dive deeper into how these systems process user inputs, it’s essential to recognize the potential security risks lurking beneath the surface.<\/p>\n\n\n\n
In our latest research, we uncovered a significant vulnerability in DeepSeek<\/strong>, an AI chatbot developed by the Chinese company High-Flyer<\/strong>. Specifically, we found that by sending crafted Markdown<\/strong> payloads, we could trigger XSS (Cross-Site Scripting)<\/strong> attacks through the chatbot\u2019s rendering engine.<\/p>\n\n\n\n What is Markdown and How Can It Be Exploited?<\/strong><\/p>\n\n\n\n Markdown is a lightweight markup language used for formatting plain text. It\u2019s commonly employed in documentation, messaging platforms, and content management systems due to its simplicity and readability.<\/p>\n\n\n\n However, like many markup languages, Markdown can be used to inject harmful content when rendered improperly. For instance, Markdown can be converted into HTML links or embedded code, which if unchecked, can result in security issues such as XSS<\/strong>.<\/p>\n\n\n\n The Vulnerability in DeepSeek<\/strong><\/p>\n\n\n\n DeepSeek, an AI language model developed by High-Flyer<\/strong>, offers a range of conversational capabilities. Our team tested its handling of Markdown input and discovered a serious flaw. The chatbot would render specific Markdown payloads, including those crafted to execute JavaScript code.<\/p>\n\n\n\n We were able to create a simple XSS attack using the following Markdown<\/strong> payload:<\/p>\n\n\n\n