DeepSeek: The Chinese AI Tool Raising Serious Security Concerns

 What is DeepSeek?

DeepSeek presents itself as just another AI chatbot that offers users a way to generate text and answer questions. However, a House Select Committee investigation reveals it represents a profound threat to U.S. national security. The model was developed under complex ownership structures where founder Liang Wenfeng maintains effective control through various affiliated companies.

 The Severity of the Issue

The security concerns with DeepSeek are extremely serious. The House Committee investigation found four major issues:

1. DeepSeek funnels Americans’ data to the People’s Republic of China (PRC) through backend infrastructure connected to China Mobile, a U.S. government-designated Chinese military company.
2. The AI model covertly manipulates results to align with Chinese Communist Party (CCP) propaganda.
3. Evidence suggests DeepSeek likely used unlawful model distillation techniques to create its model by stealing from leading U.S. AI models.
4. The model appears to be powered by advanced Nvidia chips that are currently restricted from export to China.

 How the Data Is Exploited

DeepSeek collects extensive personal data from Americans who use the chatbot, including chat history, device details, and even typing patterns. This data is then transmitted to China through infrastructure connected to China Mobile.

All data uploaded to servers in China is subject to the country’s cybersecurity and intelligence laws, which compel companies to share data with state authorities. The app also integrates tracking tools from Chinese tech giants including ByteDance, Baidu, and Tencent – companies that have been flagged by the U.S. government for national security concerns.

Researchers discovered hardcoded links in DeepSeek’s web login page that directly connect it to China Mobile. Making matters worse, cybersecurity researchers found that DeepSeek does little to protect the information it collects – unlike most platforms that encrypt sensitive transmissions, DeepSeek sends much of its data without meaningful security measures, exposing it to interception.

 Who Is Behind DeepSeek?

While DeepSeek is officially owned by Ningbo Cheng’en Enterprise Management Consulting Partnership, it is effectively controlled by Liang Wenfeng, who owns a majority stake in the company. Wenfeng is also the head of High-Flyer Quant, a Chinese quantitative trading firm that provided at least $420 million in initial investment funding to DeepSeek.

The company operates within the state-subsidized “Hangzhou Chengxi Science and Technology Innovation Corridor,” a government initiative explicitly guided by “Xi Jinping Thought,” the guiding ideology of the CCP. Through legally distinct entities, DeepSeek and High-Flyer Quant function as an integrated ecosystem under Liang’s control, with ties to state-linked hardware distributors and strategic government labs.

 Who Is at Risk?

Anyone using the DeepSeek application is at risk of having their data harvested and transmitted to China. The report states that “the DeepSeek website and app acts as a direct channel for foreign intelligence gathering on Americans’ private data.”

Beyond individual users, there are broader risks to U.S. technological leadership and national security. DeepSeek’s model appears to be built using stolen U.S. technology. OpenAI executives reported that “DeepSeek employees circumvented guardrails in OpenAI’s models to extract reasoning outputs” to accelerate their own development at lower cost.

Additionally, DeepSeek censors anti-CCP sentiments and manipulates information as required by Chinese law, altering or suppressing responses to topics deemed politically sensitive by the CCP in 85% of cases.

 Remediation Recommendations

The House Select Committee recommends several actions to address the risks posed by DeepSeek:

1. Expand export controls on semiconductor chips and other AI technologies
2. Increase funding for the Commerce Department’s export controls office
3. Implement federal procurement prohibitions on PRC-origin AI models
4. Require companies to install on-chip location verification capabilities
5. Improve enforcement of export controls through whistleblower incentives
6. Develop physical and cybersecurity standards for frontier AI developers
7. Enhance monitoring of PRC AI progress toward advanced AI systems

The committee also warns that the U.S. should prepare for a future where current efforts to constrain international rivals like China from building high-quality AI systems may falter.

 For Businesses and Individuals

If you or your organization has used DeepSeek, consider the following immediate actions:

1. Discontinue use of the application immediately
2. Review what data may have been shared with the service
3. Monitor accounts for any suspicious activity
4. Consider changing passwords for any accounts accessed while using the application
5. Implement stronger cybersecurity protocols across your organization
6. Train employees on the risks of using unauthorized AI tools

How CinchOps Can Help

The rapid emergence of AI tools like DeepSeek demonstrates the critical need for comprehensive AI acceptable use policies within organizations of all sizes. At CinchOps, we specialize in developing tailored AI governance frameworks that protect your business while enabling innovation.

Our AI Security Services Include:

• AI Acceptable Use Policy Development: We create customized policies that clearly define which AI tools employees can use, under what circumstances, and with what data. These policies help prevent the unauthorized use of potentially harmful applications like DeepSeek.
• AI Risk Assessment: Our team evaluates AI tools before implementation to identify potential security vulnerabilities, data privacy concerns, and compliance issues.
• Employee Training: We provide comprehensive training programs to educate your staff about safe AI usage practices and help them recognize potential security risks.
• Continuous Monitoring: Our experts continuously track emerging AI threats and update your security protocols accordingly to protect against new vulnerabilities.
• Incident Response Planning: We develop customized response plans specifically for AI-related security incidents, ensuring your business can quickly address any breaches.

CinchOps is committed to keeping our clients informed about evolving threats in the AI security space. We will continue to monitor the DeepSeek situation and provide updates as new information becomes available. Our dedicated team of cybersecurity professionals stands ready to help your business navigate the complex world of AI tools safely and effectively.

Contact us today to learn how we can help strengthen your organization’s AI security posture and develop policies that protect your valuable data while enabling innovation.

 Discover More 

Discover more about our enterprise-grade and business protecting cybersecurity services: CinchOps Cybersecurity
Discover related topics: Houston SMBs Face Growing Cybersecurity Crisis
For Additional Information on this topic: House investigation into DeepSeek teases out funding, security realities around Chinese AI tool

FREE CYBERSECURITY ASSESSMENT