Last week, the Chinese generative AI application DeepSeek made a significant impact on the US stock market, briefly topping the download charts on the Apple App Store. Despite its initial popularity, international skepticism towards Chinese products due to the tarnished reputation of the Chinese Communist Party has led countries like Italy, the US Navy, Texas, NASA, and Taiwan to ban the use of DeepSeek.
According to a report by CNBC on February 2nd, concerns have been raised regarding the low-cost claims of DeepSeek, with privacy advocates warning that using the application could jeopardize personal security and privacy. As bans on DeepSeek roll out, users may swiftly uninstall the app in response. National security experts have criticized DeepSeek for its lackluster privacy policy and considerable national security risks.
Dewardric McNeal, Managing Director and Senior Policy Analyst at the risk management company Longview Global, expressed to CNBC that data and information obtained by nefarious actors in China through DeepSeek surpasses that acquired from Google searches by 20 times. Longview Global specializes in offering strategic advice on China to businesses.
McNeal has delved into the specifics of data sharing requirements imposed by the Chinese government on domestic companies, noting that it represents a rich intelligence trove. He emphasized the apparent risks posed by DeepSeek, highlighting potential data breaches involving personal banking or health information. Notably, security flaws in DeepSeek have been reported by prominent cybersecurity firms, with the application itself reporting a major network attack last week.
On January 29th, the New York-based cybersecurity company Wiz disclosed that a substantial amount of sensitive data from the Chinese AI startup DeepSeek had inadvertently been exposed on the open internet. Wiz stated that the exposed database contained extensive chat logs, backend data, and sensitive information including log streams, API secrets, and operational specifics.
Moreover, Wiz noted that this exposure allows full control of the database and potential privilege escalation within the DeepSeek environment without any authentication or external access barriers.
Beyond individual privacy concerns, McNeal also raised apprehensions about broader inter-country competition implications. For instance, the Chinese intelligence apparatus could exploit DeepSeek’s extensive query patterns to gather insights into various American industries and sow divisions among the public.
“While my signing up for DeepSeek won’t mean the end of the world tomorrow,” McNeal remarked, “it doesn’t mean there isn’t a significant risk either.” He underscored that the open-source nature of artificial intelligence could enable China to infiltrate the US supply chain at an industry level, allowing them to understand what companies are doing and compete more effectively against them.
“National security experts are considering this problem from this perspective,” he added.
Matt Pearl, Special Advisor to the Deputy National Security Adviser for the National Security Council in the Biden administration and current Director of the Strategic Technologies Program at the Institute for Strategic Studies, cautioned about the privacy policy of DeepSeek, highlighting the worrisome control that can be exerted over the collected content.
“The privacy policy of DeepSeek holds no value,” Pearl asserted. Given that DeepSeek falls under the jurisdiction of the People’s Republic of China (the Communist China), any input into the application could potentially be monitored. Through keystroke patterns, DeepSeek users could be tracked across all devices, collect information from advertisers, and even seek to exploit cameras and microphones.
“If they have the technical ability to do so within the application and China considers that to be in their interest, then that poses a danger,” Pearl emphasized.
However, Pearl expressed that the biggest looming threat that keeps him awake at night involves cybersecurity risks and the potential for large-scale malicious software injections. “It’s difficult to overstate all the different ways it can be utilized. And theoretically, it can be accomplished in one update to the application,” he noted.
Officials from the hedge fund “High Flyer” responsible for creating DeepSeek did not respond to CNBC’s request for comments.
Last week, the attention of regulatory bodies in multiple countries was drawn to DeepSeek, with data protection agencies in Italy, Germany, Australia, and Ireland launching investigations.
On January 30th, Italy’s data protection authority (Garante) announced the blocking of the Chinese AI model DeepSeek due to a lack of transparency in the application’s use of personal data.
The Department of Digital Development in Taiwan issued a statement on January 31st, prohibiting government agencies from using DeepSeek AI services to mitigate information security risks.
In Australia, Ed Husic, Minister for Industry and Technology, expressed concerns about DeepSeek’s data privacy management last Tuesday, urging Australian users to exercise caution when downloading the application.
“There are many questions about quality, consumer preferences, data, and privacy management that need to be answered promptly. I would be very cautious about it. These types of issues need to be carefully weighed,” Husic told ABC. He highlighted differences in how Chinese companies handle user privacy and data management compared to their Western counterparts.
Furthermore, according to reports by CNBC, data from the online analytics platform Semrush indicates that DeepSeek significantly lags behind OpenAI’s ChatGPT in consumer engagement aspects.