Globally, businesses and government organizations are taking steps to limit their workers’ access to the tools that the Chinese artificial intelligence startup DeepSeek recently released, according to cybersecurity companies that were hired to assist safeguard their networks.
Nadir Izrael, chief technology officer of the cyber firm Armis Inc., referred to the startup’s own clientele when he said that “hundreds” of businesses, especially those connected to governments, have attempted to block access to DeepSeek because they are worried about possible data leaks to the Chinese government and what they perceive to be inadequate privacy safeguards. The majority of clients of Netskope Inc., a network security company that is used by businesses to limit employee access to websites and other services, are also limiting connections.
According to Ray Canzanese, head of Netskope’s threat labs, 52% of Netskope clients are limiting access to the website completely, and almost 70% of Armis customers have sought bans.
The AI model’s possible data leak to the Chinese government is the main worry, according to Armis’s Izrael. “You have no idea where your information ends up.”
Anxiety about DeepSeek has grown over the weekend, when praise from high-profile industry tech executives such as Marc Andreessen drove the AI chatbot to the top of Apple Store app downloads. Among those concerns is the fact that DeepSeek specifies in its privacy terms that it collects and retains data on Chinese servers, and that any disputes over the topic will be resolved in accordance with Chinese government legislation.
An inquiry was not answered by DeepSeek.
At first, it was unclear how many workers of the Defense Department tried to access DeepSeek. No evidence of a security problem or data breach has been found in relation to the Pentagon’s use of DeepSeek.
According to DeepSeek’s own privacy policy, the company gathers user input, including text and voice input, uploaded files, feedback, chat history, and keystrokes, in order to train its AI models. At its discretion, the company may also share this information with public authorities and law enforcement.
A publicly available database belonging to DeepSeek that contains internal data was discovered by cyber researchers who set out to investigate the company’s security. The database contained technical log data, backend information, and some DeepSeek chat history, according to Wiz Inc., a cybersecurity business that Alphabet Inc. attempted to acquire for $23 billion last year. According to Wiz, when DeepSeek announced the discovery, it safeguarded the data.
Research indicates that the growth and sales of cybersecurity services are expected to be accelerated by DeepSeek and the growing use of other generative AI services. According to analysts Mandeep Singh and Damian Reimertz, companies that stand to gain from the trend include SentinelOne, Palo Alto Networks Inc., and CrowdStrike Holdings Inc.
The privacy protections of DeepSeek are already being closely examined by governments.
In an attempt to safeguard the data of Italians, Italy’s privacy authorities ordered DeepSeek to be disabled “as a matter of urgency and with immediate effect.” The Ireland’s Data Protection Commission, which oversees the enforcement of EU privacy laws by many of the biggest digital firms globally, announced on Wednesday that it had asked DeepSeek for information in order to assess whether the company is adequately protecting user data.
According to a statement from the UK’s Information Commissioner’s Office, generative AI developers need to be open and honest about how they utilize personal data. The office also threatened to take action if its legislative requirements are not met.
US officials and think tanks have warned that Chinese national security rules allow the government to acquire access to encryption keys held by corporations operating in the country and force them to participate in intelligence gathering. These rules were central to the US government’s justification for banning China-based ByteDance Ltd.’s TikTok platform, with national security experts saying that Chinese ownership would give Beijing access to Americans’ personal information.
According to TikTok, there is no such threat. Shortly after taking office in January, US President Donald Trump promised to reach an agreement that would let the platform to be used in the US.
A number of corporate executives, including Mehdi Osman, CEO of the US software startup OpenReplay, choose not to use DeepSeek’s API service due to security concerns. The company’s incredibly low costs, he cautioned, still pose a danger to OpenAI’s developer base “in the coming months.”
In the meantime, cybercrime researchers are cautioning that DeepSeek’s AI services seem to have fewer safeguards against hackers utilizing the tools to, say, create phishing emails, examine vast amounts of stolen data, or investigate hacker weaknesses.
Attackers will be able to alter code with no effort, increasing the scope and speed of fraud and cyberattacks, according to Levi Gundert, chief security and intelligence officer of cybersecurity company Recorded Future Inc.