Deepseek Deepseek V3 vs Microsoft Phi-4

Detailed comparison for LLMs

DeepseekMicrosoft

On Guardion's LLM vulnerability Benchmark, Microsoft Phi-4 is the more secure of the two: Deepseek V3 scores 47.2% and Phi-4 scores 30.0% on attack success rate (ASR) (lower is better). One or both scores are estimated from public safety evaluations pending a Guardion benchmark run.

Head-to-Head Overview

Phi-4 is the overall winner in this comparison!

Attack Success Rate (lower is safer)

ASR for Deepseek Deepseek V3 vs Microsoft Phi-4. Green marks the safer model on each metric. Only the overall score is available for estimated models.

Overall (ASR)

Deepseek V3
47.2%
Phi-4
30.0%

TAP Attack Method (ASR)

Deepseek V3
79.5%
Phi-4

Crescendo Attack Method (ASR)

Deepseek V3
49.3%
Phi-4

Zero-Shot (ASR)

Deepseek V3
12.8%
Phi-4

Key Highlights

  • Microsoft Phi-4 has a lower Overall (ASR).

Security Profile

Outward is better on every axis.

OverallTAPCrescendoZero-Shot
Deepseek V3
Phi-4
Full security profile
Deepseek Deepseek V3
Full security profile
Microsoft Phi-4

Frequently asked questions

Is Deepseek Deepseek V3 or Microsoft Phi-4 more secure?

On Guardion's LLM vulnerability Benchmark, Microsoft Phi-4 is the more secure of the two: Deepseek V3 scores 47.2% and Phi-4 scores 30.0% on attack success rate (ASR) (lower is better). One or both scores are estimated from public safety evaluations pending a Guardion benchmark run.

What is the attack success rate (ASR) of Deepseek V3 vs Phi-4?

Deepseek V3 has a 47.2% ASR and Phi-4 has a 30.0% ASR — the share of adversarial prompts that succeed across zero-shot, TAP, and Crescendo attacks. Lower is safer.

How were Deepseek V3 and Phi-4 tested?

Both were red-teamed with the HarmBench framework across zero-shot, TAP (Tree of Attacks with Pruning), and Crescendo multi-turn attacks, scored by Attack Success Rate.

Related Comparisons