DeepSeek sparks concern about securing U.S. data
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Annelise Capossela/Axios
Silicon Valley's overnight obsession with DeepSeek has renewed questions about whether it's safe for U.S. companies to even interact with China-linked technology.
Why it matters: Security concerns alone are enough for the biggest U.S. companies to pump the brakes on using DeepSeek's models right now.
- Prompt Security CEO Itamar Golan told Axios that his U.S. customers, many of which are Fortune 500 companies, have been writing in recent days to find out how to keep their proprietary data safe from DeepSeek.
- But corporate anxieties won't stop employees from downloading the app on their own to explore its usefulness — just look at how corporate ChatGPT bans have gone.
Driving the news: DeepSeek overtook OpenAI's ChatGPT as the most downloaded free app in Apple's App Store on Sunday.
- Interest in DeepSeek skyrocketed over the last week after the company released its open-source reasoning model, R1, which rivals Open AI's o1.
The big picture: The U.S. often doesn't take too kindly to companies from adversarial nations gaining popularity on its home field — but DeepSeek's free, open-source options and advanced capabilities could make it too appealing for U.S. companies to completely ignore.
What they're saying: "It's another tool owned by a Chinese entity that will get plenty of the U.S. data," Golan told Axios.
- "People talk with AI about everything, what they like, what they do, what they plan — all will be incorporated in the back end of this model, which is huge."
The intrigue: DeepSeek's open-source approach makes the security concerns around it a bit different from those surrounding TikTok, Huawei or even Russian cybersecurity company Kaspersky, Golan said.
- Typically, the U.S. worries about the potential for a backdoor in these companies' products that would let adversaries collect sensitive data about Americans. China-linked companies also face a litany of laws that could force them to hand over key information to Beijing.
- But anyone can inspect R1's model weights, along with the training code from DeepSeek's V3 model, which R1 is trained on and came out last month.
- Large companies could also use this open-source information to build their own DeepSeek-based apps that are walled off from DeepSeek's servers, Levi Gundert, chief security officer at cyber firm Recorded Future, told Axios.
Zoom in: DeepSeek's links to China also raise a few other unique cybersecurity challenges, experts say.
- Unless they're using a walled version of the product, inquiries sent to DeepSeek are processed on the company's servers in China, according to its privacy policy.
- That would subject the data collected to local Chinese data privacy laws — one of the main concerns for Washington's China hawks.
DeepSeek could face more threats from malicious actors looking to either taint its model data or render its services unusable because its code is so public, Mike McNerney, senior vice president of security at cyber risk company Resilience, told Axios.
- DeepSeek trained its new reasoning model using so-called reinforced learning, where it learns through interacting with its environment.
- "If you deny the access to the environment through a denial-of-service attack, it could actually hurt [DeepSeek's] ability to do the analysis they need to do," McNerney said.
Open source is a double-edged sword — the benefits the good guys experience are also shared with cybercriminals, Gundert said.
- Cybercriminals have built their own malicious GPT models that help them carry out online fraud and write malware, but they didn't have free access to the most advanced generative AI capabilities until DeepSeek, he added.
Yes, but: China is already capable of lurking inside U.S. companies, even without a clear backdoor.
- They've hacked the Treasury Department and several major U.S. telcos just in the last year. Officials have also warned that they're lurking in water systems, ports and other critical infrastructure.
- U.S. AI companies have also been on watch for employees who could leak information to Chinese companies.
What we're watching: Whether DeepSeek gets the TikTok or Huawei treatment depends on how many companies actually choose to ditch U.S. AI companies.
- President Trump said yesterday that DeepSeek is a "positive" and that the company's advancements are a "wake-up call for our industries that we need to be laser-focused on competing to win."
Go deeper: What to know about DeepSeek
