Is Chinese AI Sensation DeepSeek a Security Risk?

Will China’s DeepSeek AI, which became an overnight sensation, face the same kind of security scrutiny as TikTok?

The company, owned by the hedge fund High-Flyer and headquartered in Hangzhou, China, is already drawing criticism for concerns about transparency and potential influence by the People’s Republic of China. Social media users have been criticizing DeepSeek’s AI model for refusing to answer political questions about the Chinese government and President Xi Jinping.

When asked whether Xi resembles Winnie the Pooh, or what famous picture shows a man with grocery bags standing in front of tanks in Tiananmen Square, the chatbot connected to the public model, as well as the app, answers:

“Sorry, that’s beyond my current scope. Let’s talk about something else.”

High-Flyer was founded in 2019 by Liang Wenfeng, an AI researcher who had initially used the nascent technology to analyze equities markets.

Interestingly, his master’s dissertation focused on using AI to enhance video surveillance. “Research on Target Tracking Algorithm Based on Low-Cost PTZ Camera” highlighted algorithms developed for tracking moving targets using pan-tilt-zoom cameras—that is, cameras capable of adjusting their field of view through mechanical movements, allowing them to monitor dynamic scenes effectively.

In intelligent video surveillance, automatic target tracking algorithms based on PTZ systems are crucial. These algorithms enhance traditional surveillance methods by enabling automatic detection and continuous tracking of moving objects within a scene. Some social media users pointed to this surveillance background as a potential risk.

Whether DeepSeek is surveilling its users in any shape or form is unknown. When asked whether users’ queries and data are kept private, the model replies that the company “is committed to protecting user data security and privacy. We do not engage in any unauthorized form of surveillance.”

Still, security experts told Decrypt that the jury is still out on that question.

“DeepSeek’s privacy policy is unclear, and the controls in its web application aren’t well known,” J. Stephen Kowski, Field CTO at cybersecurity firm SlashNext Email Security+, told Decrypt. “What do they do with the data, how is it handled, where does it go, and how long is it kept? These are critical questions that need to be addressed.”

Indeed, Kowski attributed some of DeepSeek’s rapid growth to a lack of the intense scrutiny faced by American competitors like OpenAI’s ChatGPT, Google Gemini, and Anthropic’s Claude AI.

Reported vulnerabilities in the platform itself have further heightened concerns about DeepSeek. Kowski highlighted potential weaknesses in its web application code.

“Validated vulnerabilities already exist, such as cross-site scripting (XSS) and prompt injection attacks that can hijack user sessions during web sessions,” he said. “From what I’ve read, their code can potentially be manipulated to execute unauthorized commands.”

It should be noted, however, that users are able to download a version of DeepSeek to their computer and run it locally, without connecting to the internet. A locally run copy sends no prompts to DeepSeek's servers, which sidesteps the data-handling questions raised above, though it does not change how the model was trained. And no reports have emerged indicating that the code contains anything malicious.

Meanwhile, on Monday, DeepSeek acknowledged a security problem of its own: it said its services were the target of large-scale malicious attacks and, in response, temporarily limited new registrations to the platform.

“Due to large-scale malicious attacks on DeepSeek’s services, we are temporarily limiting registrations to ensure continued service,” the DeepSeek status page said. “Existing users can log in as usual. Thanks for your understanding and support.”

Edited by Andrew Hayward
