Are there security risks associated with using DeepSeek?

ByDeepMind
Are there security risks associated with using DeepSeek?

Introduction to DeepSeek: A New AI Chatbot

Two years following the debut of ChatGPT, a powerful competitor emerged from China: DeepSeek. Launched on January 10, 2025, the DeepSeek chatbot quickly established itself in the market, becoming the most downloaded free app on both the iOS App Store and Google Play Store in the United States shortly after its release. However, DeepSeek’s swift rise has generated considerable concerns around privacy and security, particularly for businesses using the platform.

What is DeepSeek?

DeepSeek is a generative AI chatbot developed by a Chinese tech startup named DeepSeek. What makes it stand out is its open-source framework and completely free access, differentiating it from other chatbots like OpenAI’s ChatGPT, Google’s Gemini, and Anthropic’s Claude. To use DeepSeek, users can easily create a free account just by providing an email address or phone number.

Efficiency and Features

Unlike other leading chatbot technologies that often require extensive computational resources—like supercomputers with up to 16,000 GPUs—DeepSeek has shown impressive performance using only around 2,000 GPUs, providing a cost-effective solution for users.

Similar to ChatGPT, DeepSeek offers two main models:

  • DeepSeek-R1: A reasoning model paralleling OpenAI’s o1 or o3.
  • DeepSeek-V3: A conversational model that resembles OpenAI’s GPT-4o or GPT-4.

While DeepSeek specializes in delivering precise responses in technical and mathematical contexts, ChatGPT focuses on natural, context-aware conversations across a wider array of subjects.

Privacy and Security Concerns

As a China-based company, DeepSeek is subject to strict data regulations and censorship laws, raising significant concerns regarding privacy and security. Users—especially those in the business sector—need to consider these factors carefully.

Privacy Issues

DeepSeek collects various types of user data through its web application, including:

  • Account Information
  • User Inputs
  • Communication Records
  • Device and Network Details
  • Log Files
  • Location Information
  • Cookies

This data is stored on servers within China, which heightens fears about potential sharing with Chinese authorities, especially for those who may not fully grasp the risks associated with using a government-influenced AI service.

Open-Source Risks

DeepSeek’s open-source nature allows developers to customize the software, which can also present dangers. For example:

  • Harmful Content: Some developers could exploit the software to produce harmful outputs, evading integrated safety features.
  • Disinformation: The ease of altering DeepSeek’s code can enable bad actors to generate misleading information quickly, which may then be spread across social media platforms.

Although other western AI models implement stricter safeguards to prevent users from generating harmful outputs, DeepSeek’s open-source approach might lead to modifications that compromise safety.

Data Storage Risks

DeepSeek’s centralized database system poses additional risks. Given that all user data is held in China, interactions fall under Chinese law, exposing sensitive information to governmental oversight. In contrast, many Western AI tools use decentralized data structures that provide additional security features. Concerns have already led countries like Italy to ban DeepSeek due to privacy issues, and a U.S. Senate bill has been proposed to prohibit its use on federal devices.

AI Hallucinations

Research indicates that DeepSeek currently lacks adequate protection against AI "hallucinations", where the chatbot may produce false or misleading information while presenting it as factual. Such inaccuracies can result in repercussions, including:

  • Distribution of misinformation
  • Faulty business decisions
  • Exposure of confidential information
  • Compliance violations

Encryption and Security Flaws

Investigations have revealed critical vulnerabilities in DeepSeek’s infrastructure, which can lead to unauthorized access. These weaknesses have been uncovered through several audits, revealing issues such as:

  • Unencrypted Data Transmission: User information is sent without proper security measures, making it susceptible to interception.
  • Weak Encryption Keys: The application uses outdated encryption standards, violating essential security practices.
  • Insecure Data Storage: Sensitive details, including usernames and passwords, are stored insecurely, heightening the risk of breaches.

DeepSeek vs. Competitors: Security Comparison

DeepSeek’s security measures contrast sharply with those of its predominant competitors like Gemini and ChatGPT. Here are some key comparison points:

  • Data Jurisdiction: DeepSeek’s data falls under Chinese legal oversight, while Gemini and ChatGPT are governed by more robust Western privacy regulations.
  • Guardrails: Other AI models implement stringent safeguards to limit harmful content generation, making it harder for users to bypass safety measures.
  • Transparency: Western companies regularly provide security updates and permit audits, which DeepSeek does not currently offer.

As generative AI continues to evolve, the rapid rise of DeepSeek highlights significant questions surrounding data privacy, security, and regulatory challenges faced by users worldwide.

Please follow and like us:
error
fb-share-icon
Tweet
fb-share-icon

Related