Experts Warn About DeepSeek AI’s Potential Security Risks
DeepSeek’s breakthrough into the AI world has caused a major earthquake. Shares of some of the major US AI hardware providers plummeted yesterday. NVIDIA was the hardest hit, losing the equivalent of nearly $600 billion in a few hours. AI software development firms also felt the impact, albeit to a lesser extent. That said, experts are warning about the potential security risks of using DeepSeek AI.
The DeepSeek chatbot, also available as an app for iOS and Android, is powered by the DeepSeek-V3 AI model. DeepSeek-V3 is open source, which helps provide confidence in its use. Anyone with the necessary knowledge could audit the code and spot anything out of place or potentially risky. However, there are still questions about the company’s data handling policy.
DeepSeek AI’s unknown data handling policies carry potential security risks, experts warn
J. Stephen Kowski, field CTO at cybersecurity firm SlashNext Email Security+, told Decrypt that “DeepSeek’s privacy policy is unclear, and the controls in its web application aren’t well known.” Apparently, the firm does not offer more specific details about how it handles the user data obtained through its chatbot. “What do they do with the data, how is it handled, where does it go, and how long is it kept? These are critical questions that need to be addressed,” Kowski added.
Users have tried to ask DeepSeek AI itself if the data it obtains is kept private, to which the chatbot responds that the company “is committed to protecting user data security and privacy. We do not engage in any unauthorized form of surveillance.” Some people on Twitter warn about the potential access of the Chinese government to your data. Others recommend only using it once the code has undergone a full audit.
There are also concerns related to vulnerabilities already discovered. “Validated vulnerabilities already exist, such as cross-site scripting (XSS) and prompt injection attacks that can hijack user sessions during web sessions,” Kowski said. “From what I’ve read, their code can potentially be manipulated to execute unauthorized commands,” he added.
Chinese government may have influence over chatbot responses
Other doubts focus on the potential influence of Chinese authorities on the chatbot. When asked about topics that are “controversial” for Beijing, such as whether Xi resembles Winnie the Pooh or a picture of a man with grocery bags standing in front of tanks in Tiananmen Square, DeepSeek responds as follows: “Sorry, that’s beyond my current scope. Let’s talk about something else.”
Kowski also believes that DeepSeek’s rapid growth is due to less regulatory scrutiny than other AI companies have been subjected to. The list includes OpenAI’s ChatGPT, Google Gemini, and Anthropic’s Claude AI, among others.