Security Firm Raises Alarm Over DeepSeek's Links to Chinese Government Servers

In the wake of its rapid rise, the Chinese AI startup DeepSeek has generated significant attention, as it disrupts established competitors and ignites discussions about open-source technology.

Security Concerns Arise

Despite its innovative approach, DeepSeek has faced a barrage of concerns regarding security and privacy, leading both private and public sectors to restrict the use of its services. Understanding these issues is crucial for anyone considering or currently using DeepSeek's products.

Introduction to DeepSeek

DeepSeek, established by Liang Wenfeng in May 2023, has quickly made its mark on the AI industry. Unlike many of its competitors, it operates on an open-source model. The startup is largely funded by the High-Flyer hedge fund, also managed by Wenfeng, which enables rapid growth and development.

In a recent breakthrough, DeepSeek launched the R1 reasoning model, which reportedly outshines similar offerings from OpenAI. Following this, downloads for DeepSeek's AI assistant surged past those of ChatGPT, marking a notable achievement in the competitive app market.

The R1 Model Explained

DeepSeek's R1 model, which was fully released on January 21, 2024, has been recognized for its performance in tasks such as coding and reasoning. It is positioned as a cost-effective alternative to other AI models, with access starting at only $0.14 per million tokens.

What sets R1 apart is its open-source status, allowing users to download and utilize it without facing licensing fees. However, the company has yet to disclose the specific data used to train the R1 model, raising questions about transparency and potential biases.

Red Flags on Privacy and Security

Concerns over DeepSeek's data handling practices have sparked warnings from security experts. Ivan Tsarynny, CEO of Feroot Security, revealed that they found "direct links to servers and companies controlled by the Chinese government." Their investigations uncovered hidden programming designed to send user data, including personal identifiers, back to Chinese telecom company China Mobile. This carrier has been banned in the US due to national security concerns.

Further assessments by NowSecure and Wiz highlighted several vulnerabilities, including unencrypted data transmissions and a publicly available internal database containing sensitive user information. These discoveries have led to recommendations to avoid using DeepSeek’s mobile app.

DeepSeek's Privacy Policy

DeepSeek’s privacy policy has raised additional alarms. It states that personal information collected may be stored on servers outside the user's country, including in China. The policy outlines various types of data collected, including IP addresses, usernames, and chat histories.

Experts warn that data shared with DeepSeek could be subject to access by Chinese authorities, as Chinese laws require companies to disclose data upon government request. While the open-source nature of R1 allows for code inspection, the risks connected with data privacy remain significant.

AI Safety Concerns

Safety experts have voiced concerns about the potential misuse of open-source AI. Testing by Chatterbox indicated that DeepSeek R1 may exhibit safety issues that could have serious implications. Currently, it is unclear whether DeepSeek has a dedicated safety team to oversee these risks.

Many US-based firms implement some safety measures, but DeepSeek's lack of clear oversight raises apprehensions about the unchecked development of powerful AI models.

Potential Impact on the AI Landscape

DeepSeek's advancements represent a shift in how competitive AI models are developed, perhaps empowering smaller entities to innovate. Its affordability also undercuts the traditional belief that superior AI must be coupled with enormous investment.

DeepSeek's rise occurs during a period of heightened scrutiny on tech relations between the US and China, particularly following the bans on platforms like TikTok. Several US government entities have already initiated bans on DeepSeek's software, pointing to the broader implications of its associations.

The emergence of cheaper alternatives like DeepSeek could alter the AI development landscape, prompting discussions on funding, efficiency, and national security considerations moving forward.

AI, Security, Privacy