Anxieties around DeepSeek have mounted since praise from high-profile tech executives propelled it to the top of the Apple Store
“Hundreds” of companies, particularly those associated with governments, have worked to block access to DeepSeek due to concerns about potential data leaks to the Chinese government and what they view as weak privacy safeguards, Nadir Izrael, chief technology officer of the cyber firm Armis Inc., said, referring to the startup’s own clientele. Most customers of Netskope Inc., a service that companies use to restrict employee access to websites, are similarly moving to limit the service.
Roughly 70 per cent of Armis customers have requested blocks, the company said, and 52 per cent Netskope clients are blocking access to the site entirely, according to Ray Canzanese, director of Netskope’s threat labs.
“The biggest concern is the AI model’s potential data leakage to the Chinese government,” Armis’s Izrael said. “You don’t know where your information goes.”
Anxieties around DeepSeek have mounted since the weekend when praise from high-profile tech executives including Marc Andreessen propelled DeepSeek’s AI chatbot to the top of Apple Store app downloads. Chief among those worries is the fact that DeepSeek states in its own privacy terms that it collects and stores data in servers in China, adding that any dispute on the matter would be governed by Chinese government law.
DeepSeek didn’t respond to a request for comment.
According to DeepSeek’s own privacy policy, the company collects users’ keystrokes, text and audio input, uploaded files, feedback, chat history and other content for the purpose of training its AI models and may share that information with law enforcement and public authorities at its discretion.
Already, governments are scrutinizing DeepSeek’s privacy controls. Ireland’s Data Protection Commission, which enforces the European Union’s privacy regulations on many of the world’s largest technology companies, said Wednesday it had requested information from DeepSeek to determine if the company is properly safeguarding user data.
The Italian data protection watchdog also said it had contacted Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence seeking information on how DeepSeek’s app handles information about Italian users. Italian officials asked whether their citizens’ personal data was transferred to China and gave the company 20 days to respond.
The U.K.’s Information Commissioner’s Office said in a statement that generative AI developers must be transparent about how they use personal data, adding that it would take action whenever its regulatory expectations are ignored.
Mehdi Osman, CEO of the U.S. software startup OpenReplay, is among the business leaders who opted not to use DeepSeek’s API service over security concerns. But he warned that the firm’s extraordinarily low prices still threaten to lure developers away from OpenAI “in the coming months.”
Cybercrime researchers are meanwhile warning that DeepSeek’s AI services appear to have less guardrails around them to prevent hackers from using the tools to, for example, craft phishing emails, analyze large sets of stolen data or research cyber vulnerabilities.
“With very little effort, attackers will be able to make code modifications leading to increased scale and velocity of cyber and fraud attacks,” said Levi Gundert, chief security and intelligence officer at the cybersecurity firm Recorded Future Inc.
With assistance from Olivia Solon, Gian Volpicelli, Saritha Rai and Yazhou Sun