DeepSeek’s reasoning model R1 can easily be tricked into generating malicious code, even though it still needs human input, research shows.