DeepSeek Under Fire: Security Firm Discovers Direct Links to Chinese Government Servers

BigGo Editorial Team

As artificial intelligence continues to evolve rapidly, security concerns have emerged surrounding DeepSeek, a rising Chinese AI startup that recently gained prominence with its open-source R1 model. Multiple security firms have uncovered serious privacy and security issues, raising alarms about the company's connections to Chinese government infrastructure.

Security Vulnerabilities Exposed

Feroot Security has discovered concerning direct links between DeepSeek and Chinese government-controlled servers. The investigation revealed hidden programming code that can transmit user data, including personal information and queries, to China Mobile, a state-operated telecom company previously banned in the US for national security reasons. Additionally, NowSecure identified critical flaws in DeepSeek's mobile application, including unencrypted data transmission that leaves user information vulnerable to interception.

Security Issues:

  • Unencrypted data transmission
  • Exposed database with user data
  • Direct links to Chinese government servers
  • Poor data storage practices

Data Privacy Concerns

A particularly alarming discovery came from research firm Wiz, which found an exposed DeepSeek database containing sensitive information such as chat histories and user API keys. The database was completely open and unauthenticated, allowing potential unauthorized access to user data. While DeepSeek responded quickly by taking down the database within 30 minutes of notification, the duration of exposure remains unknown.

Chinese Government Connections

The company's privacy policy explicitly states that user data may be stored on servers in the People's Republic of China. Security experts warn that under Chinese cybersecurity laws, authorities can demand access to this data, potentially compromising user privacy and security. This has led to comparisons with TikTok's situation and prompted the US Navy to implement a ban on DeepSeek's use.

Impact on AI Industry

Despite these security concerns, DeepSeek's R1 model has demonstrated impressive capabilities, performing at or above OpenAI's standards while offering significantly lower prices, charging USD $0.14 per million tokens compared to OpenAI's USD $7.50. The company's efficient approach to AI development, particularly in working around US chip export restrictions, has sparked discussions about the future of AI development and competition.

Regulatory Response

The mounting security concerns have led to increased scrutiny from government organizations and cybersecurity experts. Organizations are now being advised to forbid the use of DeepSeek's mobile applications, and there are growing calls for stricter oversight of AI companies with potential ties to foreign governments.