DeepSeek AI Faces Global Scrutiny Over Security and Privacy Concerns

Be Careful With the Data You Give DeepSeek... and Every Other AI

Expertise Cybersecurity, Digital Privacy, IoT, Consumer Tech, Running and Fitness Tech, Smartphones, Wearables DeepSeek rocked the tech world and the financial markets when it hit the app stores a couple of weeks ago, promising to provide the same kinds of high-performing artificial intelligence models as the established players like OpenAI and Google at a fraction of the cost. But some in government and data security worry that the suddenly popular open-source AI assistant's ties to China could put American data at risk, comparing it to the social media platform TikTok, which members of Congress overwhelmingly voted to ban last year. Those concerns aren't limited to DeepSeek. They're something that everyone downloading AI chatbot apps onto their phone should bear in mind, even aside from the national security flag-waving going on in legislative halls. We'll outline some helpful tips below. On Thursday a pair of US House members announced plans to introduce legislation that would ban the app on all government devices, citing the Chinese Communist Party's ability to access data collected by DeepSeek and other Chinese-owned apps, as well as the potential for DeepSeek to be used to spread Chinese disinformation. "This is a five alarm national security fire," US Rep. Josh Gottheimer, a New Jersey Democrat, said in a statement, adding that the country can't risk China being able to"infiltrate" the devices of government employees and potentially put national security at risk. "We've seen China's playbook before with TikTok, and we cannot allow it to happen again," Gottheimer said. Australia last week banned the app on government devices. Some US states have done the same, with Texas being one of the first. And New York's governor on Monday issued a statewide ban of DeepSeek on state government devices and systems. DeepSeek's ties to China, as well as its wild popularity in the US and the news buzz surrounding it, make for an easy comparison to TikTok, but security experts say that while the DeepSeek's data security threats are real, they're different from those of the social media platform. And though DeepSeek may be the hot new AI assistant now, there's a plethora of new AI models and versions on the horizon, making it important to take care when using any kind of AI software. In the meantime, it's going to be a tough sell to get the average person to avoid downloading and using DeepSeek, said Dimitri Sirota, CEO of BigID, a cybersecurity company that specializes in AI security compliance. "I think it's tempting, especially for something that's been in the news so much," he said. "I think to some degree, people just need to make sure they operate within a certain set of parameters." Like TikTok, DeepSeek has ties to China and user data gets sent back to cloud servers in that country. Also like TikTok, which is owned by China-based ByteDance, DeepSeek is required by Chinese law to turn user data over to the government if the government asks for it. With TikTok, lawmakers on both sides of the aisle worried that US user data could be used by the Chinese Communist Party for intelligence purposes, or that the app itself could be modified to inundate American users with Chinese propaganda. Those concerns ultimately prompted Congress to pass a law last year that would ban TikTok unless it's sold to a buyer deemed fit by US officials. But getting a handle on DeepSeek, or any other AI, isn't as simple as banning an app. Unlike TikTok, which companies, governments and individuals can choose to avoid, DeepSeek is something people might end up encountering, and handing information to, without even knowing it. The average consumer probably won't even know what AI model they're interacting with, Sirota said. Many companies are already running more than one kind of AI model, and the "brain," or specific AI model powering that avatar, could even be "swapped" with another in the company's collection while the consumer interacts with it, depending on what tasks need to be done. Meanwhile the buzz surrounding AI in general isn't letting up anytime soon. More models from other companies, including some that'll be open-source like DeepSeek, are also on the way and will certainly grab the future attention of companies and consumers. As a result, focusing on DeepSeek removes only some of the data security risks, said Kelcey Morgan, Rapid7's senior manager of product management. Instead of focusing on the model currently in the spotlight, companies and consumers need to figure out how much risk they want to take in regard to all kinds of AI, and put in place practices designed to safeguard data. "That's regardless of whatever hot thing comes out next week," Morgan said. Cybersecurity experts say China has enough people and processing power to mine the massive amounts of data collected by DeepSeek, combine it with information from other sources and potentially build profiles of American users. "I do think we've entered a new era where compute is no longer the limitation," Sirota said, pointing to the abilities of companies like Palantir Technologies, which makes software that allows US agencies to crunch vast amounts of data for intelligence purposes, and adding that China has the same kinds of capabilities. Though the people playing around with DeepSeek could be young and relatively unimportant now, as with TikTok's users, China is happy to play the long game and wait to see if any of them grow up to be someone of influence and worth potentially targeting, Sirota said. Andrew Borene, executive director at Flashpoint, the world's largest private provider of threat data and intelligence, said that's something people in Washington, regardless of political leanings, have become increasingly aware of in recent years. "We know that the policymakers are aware; we know the technology community is aware," he said. "My personal assessment is I'm not sure the American consumer is necessarily aware of what those risks are, or where that data goes and why that could be a concern." Borene emphasized that anyone working in government should exercise the "highest levels of caution" if they choose to use DeepSeek, but he also said all users should keep in mind that their data might end up in the hands of Chinese officials. "That's an important factor to consider," he said. "You didn't need to read the privacy policy to know that." Given that it can be tough much of the time to know what AI model you're actually using, experts say it's best to take care when using any of them. Here are some tips for doing that. Be smart with AI just like with everything else. The usual best practices for tech apply here, too. Set long, complicated and unique passwords, always enable two-factor authentication when you can, and keep all your devices and software updated. Keep personal info personal. Think before entering personal details about yourself into an AI chatbot. Yes, this covers obvious no-no's like Social Security numbers and banking information, but also the kinds of details that might not automatically set off alarm bells, like your address, place of employment, and friends' or coworkers' names. Be skeptical. Just like you'd be wary of information requests that come in the form of emails, texts or social media posts, you should be concerned about AI queries, too. Think of it like a first date, Sirota said. If a model asks weirdly personal questions the first time you use it, walk away. Don't rush to be an early adopter. Just because an AI or app is trending doesn't mean you have to have it right away, Morgan said. Decide for yourself how much risk you want to take when it comes to software that's new to the market. Read the terms and conditions. Yes, this is a lot to ask, but with any app or software, you should really read these statements before you start handing over data, to get an idea of where it's going, what it's being used for and who it could be shared with. Those statements could also provide insights into whether an AI or app is collecting and sharing data from other parts of your device, Borene said. If that's the case, turn those permissions off. Be aware of America's adversaries. Any app based in China should be treated with suspicion, but so should those from other adversarial or ungoverned states like Russia, Iran or North Korea, Borene said. Privacy rights you might enjoy in places like the US or European Union don't apply on those apps, regardless of what the terms and conditions say.

DeepSeek banned on New York state government devices

New York has banned DeepSeek's AI app from government devices, citing security concerns about the Chinese-owned company. It's the TikTok ban discourse all over again. Governor Kathy Hochul announced the statewide DeepSeek ban on Monday, stating that "New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship." Though DeepSeek has been around for a while, the company made a huge splash in January when it released a chatbot app based on its DeepSeek R-1 model. DeepSeek's new AI assistant swiftly shot to the top of Apple's App Store, impressing users with its superiority over rival OpenAI's ChatGPT when it comes to technical tasks. It's also free, unlike ChatGPT. Unsurprisingly, DeepSeek's meteoric success alarmed the U.S. tech industry, particularly as it claimed its AI chatbot was developed at a fraction of the cost of OpenAI's models. Nvidia's stock plummeted in response, with investors realising that future development of AI technology may not require as many GPUs as U.S. companies have been using. Questions also quickly arose regarding DeepSeek's security, and what the company might do with users' inputted data. U.S. officials have expressed concerns about whether the Chinese government might censor content or use the app to surveil users. Some users have reported censorship on DeepSeek, particularly regarding criticism of the Chinese government. "Serious concerns have been raised concerning DeepSeek AI's connection to foreign government surveillance and censorship, including how DeepSeek can be used to harvest user data and steal technology secrets," read Hochul's announcement. New York isn't the only U.S. state which has prohibited government employees from downloading DeepSeek. In late January, Texas Governor Greg Abbott banned Chinese social media and AI apps on government devices, including DeepSeek, RedNote, and Lemon8. Reps. Josh Gottheimer and Darin LaHood also introduced the unambiguous bipartisan bill "No DeepSeek on Government Devices Act" to the U.S. House of Representatives on Thursday, which would impact all federal employees. Though DeepSeek is only prohibited on U.S. government devices for now, and only in a few states, such bans may be a precursor to wider restrictions. Last Monday, Missouri Senator Josh Hawley introduced a bill that would "prohibit the import from or export to China of artificial intelligence technology," regardless of whether the user is a government employee or not. While the proposed "Decoupling America's Artificial Intelligence Capabilities from China Act" doesn't specifically single out DeepSeek by name, it's clear that the AI company is of significant concern to the U.S. government. The U.S. government's concern about DeepSeek mirrors its attention toward TikTok, the video sharing app having also been accused of surveilling users and spreading propaganda at the behest of the Chinese government. Though TikTok was prohibited on all U.S. government devices in early 2023, by Jan. 2025 the app was legally banned across the entire country. President Donald Trump temporarily delayed the ban so he can "negotiate a resolution" to officials' national security concerns, however TikTok could very well exit the U.S. entirely if one is not agreed to by April.

Claim: DeepSeek AI can be hacked to generate malware

Experts warn that DeepSeek, a generative AI developed in China, has failed multiple security tests, raising concerns about the risks for users. The Silicon Valley security provider AppSOC discovered significant vulnerabilities, including the ability to jailbreak the AI and generate malware. David Reid, a cybersecurity expert at Cedarville University, expressed alarm over the test results. "It failed a bunch of benchmarks where you could jailbreak it. You could in some cases, generate actual malware which is a big red flag," he stated. Reid noted that these failures are particularly concerning given they allow for the potential creation of harmful code. AppSOC's analysis assigned DeepSeek a risk score of 8.3 out of 10, recommending against its use in enterprise settings that involve sensitive data or intellectual property. Anjana Susarla, an expert in responsible AI at Michigan State University, echoed this sentiment, questioning whether organizations could manipulate DeepSeek to access confidential company information. While DeepSeek may appear to perform similarly to established AI models like ChatGPT, Susarla advised against using it in chatbots or customer-facing applications, asserting, "The answer is no." The implications of using such an untested model could lead to significant security vulnerabilities. Heightened concern stems from DeepSeek's Chinese origins, comparable to the controversy surrounding the social media platform TikTok, which has faced scrutiny from U.S. lawmakers for its data security practices. Members of the U.S. House recently announced plans to introduce legislation banning DeepSeek on government devices, citing the risk of data access by the Chinese Communist Party. DeepSeek R1 vs o3-mini in performance, cost, and usability showdown "This is a five alarm national security fire," declared U.S. Representative Josh Gottheimer from New Jersey. He emphasized the need to prevent any infiltration of government employees' devices, recalling past issues with TikTok. As of now, some countried like Italy and Australia have already enacted bans on DeepSeek for government use. Despite efforts to manage the risks, cybersecurity experts like Dimitri Sirota, CEO of BigID, acknowledge it may be challenging to deter average users from downloading and utilizing the application. The temptation of new, popular technologies often outweighs caution in user behavior. Concerns regarding DeepSeek include not only its technical vulnerabilities but also the geopolitical risks associated with software tied to China. Data collected by DeepSeek may be subject to Chinese law, requiring it to disclose user information upon request from the government. Experts warn that the Chinese government possesses the capabilities to analyze data aggregated from DeepSeek along with other sources to potentially create profiles of American users. This situation parallels the apprehensions surrounding TikTok, where worries persisted about the Chinese Communist Party leveraging user data for intelligence purposes. To mitigate risks when using DeepSeek or other AI models, cybersecurity experts recommend best practices such as ensuring strong, unique passwords and enabling two-factor authentication. Users should also be cautious about sharing personal information with AI applications and remain skeptical of requests for sensitive data. Finally, users should carefully read the terms and conditions of any AI application before use, to understand data usage and sharing practices. Experts warn that applications based in China or other adversarial states should be treated with heightened scrutiny due to the potential risks associated with data privacy and security.

New York state bans DeepSeek from government devices

The sudden popularity of a China-based app has prompted worries from U.S. government officials about whether it is safe to use.Lam Yik / Bloomberg / Getty Images The state of New York has banned the Chinese artificial intelligence assistant DeepSeek on government devices. Gov. Kathy Hochul issued the directive on Monday, citing "serious concerns" about DeepSeek's apparent censorship and its potential for foreign government surveillance. The AI app, created by a small research lab owned by Chinese hedge fund High-Flyer, has faced both praise and suspicion since it abruptly surpassed some of the most well-known AI models last month. "Public safety is my top priority and we're working aggressively to protect New Yorkers from foreign and domestic threats," Hochul said in a news release. "New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship." DeepSeek's AI app shot to No. 1 in the Apple App Store in January, pushing ChatGPT down to second place. It roused a stir in Silicon Valley and sent tech stocks plummeting as the tech industry faced something of a reckoning around the AI race between the U.S. and China. DeepSeek made waves for building an AI model that outperformed some of the industry-leading models made by U.S. companies, at (if its claims are true) a fraction of the cost. But the sudden popularity of a mainland China-based app has prompted worries from U.S. government officials about whether it is safe to use. Chinese law mandates companies to cooperate and assist with China's intelligence efforts, potentially exposing data held by Chinese companies to government surveillance. That system differs from the U.S., where, in most cases, American agencies would need a court order or warrant to access information held by American tech companies. In banning DeepSeek from New York state devices, Hochul's office noted suspicions that the app "can be used to harvest user data and steal technology secrets." The order builds on the Legislative Oversight of Automated Decision-making in Government Act (LOADinG Act) that Hochul signed in December, which implemented sweeping guidelines for the use of AI by state agencies -- including provisions for human oversight, transparency and risk assessment. Just last week, Congress also introduced a bipartisan bill to ban DeepSeek on federal government devices, similarly citing a risk of espionage. "The technology race with the Chinese Communist Party (CCP) is not one the United States can afford to lose," Rep. Darin LaHood, R-Ill., who introduced the legislation alongside Rep. Josh Gottheimer, D-N.J., said in a statement. "The national security threat that DeepSeek -- a CCP-affiliated company -- poses to the United States is alarming." And Sen. Josh Hawley, R-Mo., introduced a different bill at the end of January that, if passed, would prohibit Americans from downloading Chinese AI models like DeepSeek altogether, stating that "every dollar and gig of data that flows into Chinese AI are dollars and data that will ultimately be used against the United States." The Chinese Foreign Ministry has pushed back against the more prevalent concerns around national security -- the same concerns that plagued TikTok, which is owned by China-based ByteDance, and caused the U.S. to pass a still-nebulous ban of the popular social media app. "The Chinese government attaches great importance to and legally protects data privacy and security," ministry spokesperson Guo Jiakun said Thursday at a regular briefing in Beijing. "It has never and will never require companies or individuals to collect or store data in violation of the law."

DeepSeek's is under fire - is there anywhere left to hide for the Chinese chatbot?

The Chinese-developed DeepSeek chatbot has sent shockwaves through the AI world since its January 20 release. After only one week, it surpassed its rival ChatGPT by becoming the most downloaded free app in the US and UK. Globally, 12 million people downloaded the DeepSeek app within just 48 hours of its launch, marking a growth even faster than its OpenAI counterpart. The DeepSeek phenomenon hasn't only attract AI fans and curious users, though. The security and privacy concerns of worldwide governments have been raised resulting in multiple DeepSeek bans or investigations at the very least. Here's what's happened so far and what the future for DeepSeek might look like... More and more countries around the world have growing concerns about the DeepSeek frenzy and have initiated some action over the past two weeks - whether that's a privacy complaint, wider investigation, or software ban. Here's the list so far: According to Director of Communications & Advocacy at ExpressVPN, Lauren Hendry Parsons, these actions don't come as a surprise. The public and private sectors are now largely making use of AI tools, she explains, making it crucial to ensure compliance with data protection regulations like GDPR is respected. Parsons said: "The murkiness around DeepSeek's potential bias and where user data is being sent should provoke action from key regulators and legislators. I would be more concerned if countries weren't exercising privacy-related investigations or taking any action at all." Countries worldwide have, nonetheless, taken a different approach to the potential threats posed by DeepSeek. In the EU, nations have issued complaints under the GDPR after examining the platform's privacy policy and finding "multiple violations" of European rules. These include transfers of citizens' data to China without the required safeguards, unclear information on how customer data is used for online profiling, non-transparent information over data retention periods, and more. Taiwan and Australia's decision to ban DeppSeek's usage on government devices comes as a more "security-driven approach", as Parsons puts it. "The US moves blend both privacy/security concerns with a noticeable undertone of economic protectionism," said Parsons. "It's particularly evident in their proposal to penalize DeepSeek users." DeepSeek's R1 AI is China's alternative to the US-developed ChatGPT, Gemini, and similar tools but, does this alone make DeepSeek less safe? As ever, the devil is in the detail. It should be noted that, in April 2023, OpenAI's chatbot got itself into trouble in Europe, with Italy's Garante temporarily banning ChatGPT over privacy concerns, but the EU's recent audit of DeepSeek's privacy policy was particularly striking. It revealed that DeepSeek logs all kinds of user details, including even keystroke patterns - enough for a GDPR complaint on its own. DeepSeek's issues are mainly linked to the fact the chatbot stored all users' data on its Chinese servers and, as per the provider's own wording, will be used to "comply with our legal obligations, or as necessary to perform tasks in the public interest, or to protect the vital interests of our users and other people." Not exactly reassuring. Security experts also found that DeepSeek is 11 times more dangerous than other AI chatbots, with cybercriminals able to exploit the service to generate harmful content and malicious codes, among other things. It all adds up to concerns around last week's data breach that exposed over one million records. All in all, Jurgita Miseviciute, Head of Public Policy at privacy firm Proton, still believes it's worth it for the EU and beyond to keep investigating the threats posed by all AI chatbots. She told TechRadar: "Regulatory bodies should scrutinize AI firms for privacy and security concerns, but this scrutiny must be consistent. It's not enough to focus solely on Chinese companies - US tech giants operating in the AI space have similarly questionable privacy practices." While it's still difficult to predict what could happen next, the ongoing pressure on DeepSeek will inevitably have an impact on the Chinese AI firm and, perhaps, even on the AI industry more broadly. Parsons from ExpressVPN expects more countries to join the list of governments seeking to take action against the new AI chatbot. These include countries with heightened cybersecurity concerns like Japan and India, or jurisdictions with strict data sovereignty laws, like Russia or Brazil. These legal efforts could result in usage bans and fines, which could lead DeepSeek to modify its data practices. "On a broader scale, these actions may pave the way for an international framework that sets new precedents for AI regulation," Parsons told TechRadar. On a less optimistic stance, Proton's Miseviciute believes these bans are often short-lived. "Bans and legal action alone won't solve the broader issues" she said. "The real solution lies in fostering a competitive tech landscape and educating consumers." According to Miseviciute, it's us, the users, who must understand the implications of using AI tools and how these handle our data - no matter whether they're from China, the US, or anywhere else. This is why she believes that worried governments should focus on ensuring customers are well-informed about the tools they use and less caught up in legal knots. "Users vote with their traffic numbers," agreed Parsons. "DeepSeek isn't the only AI bot available and if there are more privacy-focused or ethical alternatives, then it's up to people to decide which option they want to entrust with their data."

DeepSeek banned from government devices in New York state

DeepSeek has the capability to send user data to the Chinese government. New York government employees are barred from downloading DeepSeek's artificial intelligence application onto state devices due to security concerns, Gov. Kathy Hochul announced Monday. The DeepSeek chatbot, known as R1, responds to user queries just like its U.S.-based counterparts, such as the popular ChatGPT. But the China-based DeepSeek has code hidden in its programming that has the built-in capability to send user data directly to the Chinese government, experts told ABC News. "Public safety is my top priority," Hochul said in a statement. "New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship." Last year, Hochul issued guidance for the "responsible use of AI" in New York's government to help improve operations while "protecting privacy, managing risk and promoting accountability, safety and equity," according to the governor's office. Rep. Josh Gottheimer, D-N.J., who serves on the House Intelligence Committee, told ABC News he thinks DeepSeek should be banned "from all government devices immediately." "No one should be allowed to download it onto their device. And I think we have to inform the public," he said. Gottheimer and Darin LaHood, R-Ill., introduced a bipartisan bill to ban DeepSeek from all government devices last week. "The Chinese Communist Party has made it abundantly clear that it will exploit any tool at its disposal to undermine our national security, spew harmful disinformation, and collect data on Americans. Now, we have deeply disturbing evidence that they are using DeepSeek to steal the sensitive data of U.S. citizens. This is a five alarm national security fire," Gottheimer said in a statement. Texas Gov. Greg Abbott banned DeepSeek on government devices, the first states to do so, on Jan. 31. President Donald Trump was asked on Friday whether he believed DeepSeek was a national security threat, to which he replied, "No, I mean, I think it's happening. It's a technology that's happening. ... It'll be a lot less expensive, the AI, we're talking about, will be a lot less expensive that people originally thought. That's a good thing. I view that as a very good development, not a bad development."

New York bans DeepSeek from government devices over 'serious' data...

New York state banned AI startup DeepSeek from government devices and networks due to "serious concerns" over potential data privacy and censorship risks posed by the China-based app, Gov. Kathy Hochul confirmed Monday. Hochul's office cited fears about "foreign government surveillance and censorship, including how DeepSeek can be used to harvest user data and steal technology secrets." "Public safety is my top priority and we're working aggressively to protect New Yorkers from foreign and domestic threats," Hochul said in a statement. "New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship." DeepSeek surged to the top of app store download charts last month after the firm claimed to have trained an advanced AI model for less than $6 million - and without access to the most advanced Nvidia computer chips, which were generally thought necessary to build cutting-edge AI and are subject to US export controls. The chatbot's popularity spiked even as cyber experts warned it poses glaring national security risks by mass-collecting data such as IP addresses and keystroke patterns and storing them all on servers in China, where the Communist regime could access the data. The ban means that New York state employees will be unable to download DeepSeek on their government-issued devices. It doesn't apply to their personal devices. DeepSeek could not immediately be reached for comment. The startup has displayed disturbing signs of censorship in line with the Chinese Communist Party's mandates - such as refusing to answer questions about China's leader Xi Jinping, the Tiananmen Square massacre and whether Taiwan is a sovereign country. Similar data security concerns led state and federal lawmakers to crack down on China-owned TikTok, which was banned last month after its Chinese parent ByteDance failed to divest its stake. President Trump issued an executive order delaying enforcement of the ban by 75 days. TikTok has been banned on government devices in New York since 2020. Some US lawmakers are pushing to ban DeepSeek from federal government devices, the Wall Street Journal reported last week. The US Navy has already banned the use of DeepSeek. DeepSeek's claims about developing an ultra-efficient model despite US restrictions helped trigger a $1 trillion stock market selloff. However, many experts, including Elon Musk and Scale AI CEO Alexandr Wang, have said that DeepSeek likely has far more chips than it can publicly admit to because of export controls. As The Post exclusively reported, DeepSeek also hired at least four current employees who previously worked at Microsoft's controversial AI lab in China - the existence of which US lawmakers have repeatedly criticized as a potential national security threat.

Cybersecurity Experts Warn of DeepSeek Vulnerabilities as Governments Ban App

An analysis of DeepSeek's mobile application by the firm NowSecure revealed the app was transmitting data unencrypted. A cybersecurity company is warning businesses and organizations not to use a popular app from the generative AI company DeepSeek, saying that the program contains a number of security vulnerabilities that could compromise users' data. The DeepSeek app, which shocked the stock market when it moved to the top of the Apple App Store in January, transmits data unencrypted over the internet and insecurely stores usernames, passwords, and other credentials, according to an analysis by mobile app security firm NowSecure. The vulnerabilities the firm found affect the mobile app through which many users access DeepSeek's AI models, not the models themselves, which can also be run locally on a user's device or through a separate hosting platform. "Because mobile apps change quickly and are a largely unprotected attack surface, they present a very real risk to companies and consumers," NowSecure wrote. "DeepSeek is high profile, but not unique." Analyzing the DeepSeek app's performance on real phones, NowSecure found that the iPhone version came with an important security feature designed by Apple turned off. "The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels," the analysts wrote. "Since this protection is disabled, the app can (and does) send unencrypted data over the internet. " The lack of encryption could make users susceptible to man-in-the-middle attacks, where someone with control over the network on which the device is communicating is able to view or modify communications between the user and DeepSeek's servers. NowSecure also found that in some instances the DeepSeek app was caching sensitive information, including username and password, in an unencrypted file on the device that could potentially be reviewed by an attacker who gained physical or remote access to the device. Other vulnerabilities NowSecure identified are more common among mobile apps. For example, the analysts determined that DeepSeek collects a variety of data about the network and device the app is operating on that can be combined with other information and used by data brokers, or potentially even more nefarious actors, to track and monitor a user. The NowSecure report comes as several governments are banning their employees from using DeepSeek due to security vulnerabilities and the fact that the company is based in China. On Monday, New York Governor Kathy Hochul announced that state employees were barred from using DeepSeek's models on their devices. Congress is currently considering a bill that would implement a similar ban at the federal level, and the governments of South Korea, Australia, and Taiwan have already blocked access to DeepSeek's models on official devices.

DeepSeek AI app should be banned from US government devices, lawmakers say

DeepSeek's AI app, which recently sent waves through the global AI market by offering a seemingly more powerful model developed at a comparatively lower cost than its competitors, should be banned from US government devices, lawmakers have said. Two congress members are seeking to introduce a bipartisan bill to ban the app from government devices as it poses a national security threat to the US. The bill, introduced by US Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL), is titled the "No DeepSeek on Government Devices Act." The two representatives are both senior members of the House Select Committee on Intelligence, with the bill being introduced after the DeepSeek app was branded a threat to US AI stocks, with recent research from Feroot Security alleging the app is feeding user information to companies under the control of the Chinese Communist Party (CCP). "Our personal information is being sent to China, there is no denial, and the DeepSeek tool is collecting everything that American users connect to it," Feroot analyst Ivan Tsarynny told the WSJ. Some bans have already been introduced, with the state of Texas already banning the app from government devices, and the US Navy and NASA banning the app from their employee devices. If the bill is passed, the US would be following in the footsteps of countries such as Australia, Italy, and South Korea which have already introduced similar legislation. "We simply can't risk the CCP infiltrating the devices of our government officials and jeopardizing our national security," Gottheimer said. LaHood echoed these sentiments, stating, "This commonsense, bipartisan piece of legislation will ban the app from federal workers' phones while closing backdoor operations the company seeks to exploit for access." "It is critical that Congress safeguard Americans' data and continue to ensure American leadership in AI," La Hood said.

DeepSeek banned from NY state government devices

New York State is prohibiting the China-based artificial intelligence application DeepSeek from government devices. New York Gov. Kathy Hochul (D) announced on Monday state government employees are banned from downloading the application on ITS-managed devices and networks, citing "serious concerns" about the platform's "connection to foreign government surveillance and censorship." Hochul noted specific concerns about whether DeepSeek "can be used to harvest user data and steal technology secrets." "Public safety is my top priority and we're working aggressively to protect New Yorkers from foreign and domestic threats," Hochul said in a statement. "New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship." New York State Chief Cyber Officer Colin Ahern touted the move in a statement, saying the state government "will continue to defend New York from cyber threats." "Safeguarding New Yorker's critical infrastructure, privacy, freedom from censorship are central pillars of Governor Hochul's security and resilience agenda," Ahern said. Hochul issued statewide guidance in 2024 on the proper use of AI in government, which sought to find a balance between driving innovation and protecting privacy. Dru Rai, the director of the state's Office Information Technology Services, said banning DeepSeek is consistent with the governor's AI guidance. That policy, Rai said, "was established at her direction over a year ago to responsibly evaluate AI systems, better serve New Yorkers, and ensure agencies remain vigilant about protecting against unwanted outcomes. I commend the Governor for recognizing that this must continue to be the highest priority." DeepSeek, a one-year-old startup, launched an AI model, R1, last month, which quickly drew comparisons to models offered by OpenAI or Google. The app surged to the top of the app store shortly after its release and sent U.S. stocks plunging. The app has sparked concerns in the U.S. about its link to China and potential link to the Chinese Communist Party (CCP). The company is based in China but is not technically directly connected to the CCP. In China, however, companies are required to hand over data if requested by the government, further stoking fears over privacy and national security. A bipartisan pair of lawmakers, Reps. Josh Gottheimer (D-N.J.) and Darin LaHood (R-Ill.), introduced a measure in Congress last week to ban DeepSeek from government devices, arguing the app "compromises users' sensitive data." The lawmakers pointed to a security research study published Wednesday that found DeepSeek's website contains computer code with the potential to send user login information to China Mobile, a Chinese state-owned telecommunications company that is prohibited from operating in the United States. The study was reported Wednesday by The Associated Press. The Hill has reached out to DeepSeek for further comment.

US lawmakers introduce bill to ban DeepSeek from govt devices

US lawmakers on Thursday brought forth a bill to ban Chinese artificial intelligence program DeepSeek from being used on government devices over concerns about user data security. Representative Josh Gottheimer, a New Jersey Democrat, introduced the bill along with Darin LaHood, an Illinois Republican, citing an "alarming threat to US national security" and warning of "direct ties" between DeepSeek and the Chinese government. The bill comes after a Wednesday report by Feroot Security, a US cybersecurity firm, found that the AI model contains hidden code capable of transmitting user data to China Mobile, a state-owned telecoms firm. Chinese startup DeekSeek shocked the global AI industry last month with the launch of its low-cost, high quality chatbot, which shook the lead the United States and other countries had in the ongoing race to develop the technology. "The Chinese Communist Party has made it abundantly clear that it will exploit any tool at its disposal to undermine our national security, spew harmful disinformation, and collect data on Americans," Gottheimer said in a statement. LaHood, calling DeepSeek a "CCP-affiliated company," said that "under no circumstances" can it be allowed to "obtain sensitive government or personal data." The legislation in the House of Representatives comes as South Korean ministries and police said they were blocking DeepSeek's access to their computers, after the company did not respond to a data watchdog request about how it manages user information. Australia has also banned DeepSeek from all government devices on the advice of security agencies, while France and Italy have raised concerns about DeepSeek's data practice. Separately, video-sharing app TikTok is facing down a US law that orders the company to divest from its Chinese owner ByteDance or be banned in the United States.

Hochul issues statewide ban of Chinese AI DeepSeek on government...

Gov. Kathy Hochul announced a statewide ban of the Chinese artificial intelligence app DeepSeek on all government networks and devices Monday -- fearing "foreign government surveillance." The decision comes after Wall Street and Silicon Valley got clobbered over rising fears about DeepSeek - a Chinese artificial intelligence startup owned by High-Flyer, a China-based firm based that claims to have developed an advanced model at a fraction of the cost of its US counterparts. "Public safety is my top priority and we're working aggressively to protect New Yorkers from foreign and domestic threats," Hochul said in the statement. "New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship." The ban will prevent the chatbot app from being downloaded by all government devices and networks due to "serious concerns" about DeepSeek AI's "connection to foreign government surveillance and censorship, including how DeepSeek can be used to harvest user data and steal technology secrets," the statement added. A bipartisan coalition in the US House was already moving to ban the app from federal devices -- similar to the 2023 prohibition of Chinese-run app TikTok on federal devices. Reps. Josh Gottheimer (D-N.J.) and Darin LaHood (R-Ill.) introduced the "No DeepSeek on Government Devices Act" on Thursday. The lawmakers referenced intel that the Chinese app has intentionally hidden code that could send user login information to China Mobile, a state-owned telecommunications company that has been banned in the US. Major US tech stocks -- including Nvidia, Microsoft and Tesla -- suffered a $1 trillion rout on Jan. 27 after DeepSeek announced it had built it's AI model in a matter of months for just $6 million. The announcement upended industry forecasts from tech giants such as Sam Altman's OpenAI GPT-4 computer chip that would take $100 million to train, and rival company Anthropic's model which would cost a whopping $1 billion in training. DeepSeek immediately surged to the top of the charts in Apple's App Store - displacing OpenAI's ChatGPT and other competitors. The company released details in January about their R1 reasoning model that underpins its chatbot. The AI firm turned heads in Silicon Valley with a research paper explaining how it built the model, and claiming that it excels at problem-solving despite being cheaper to train and run than its rivals. The news sent the US tech and AI industry into a panic. In October, Hochul announced the launch of New York's Empire AI consortium, a collection of public and private research institutions to advance AI research.

House Bill Proposes Ban on Using DeepSeek on Government-Issued Devices

DeepSeek is the latest Chinese app coming under fire from US lawmakers. Reps. Josh Gottheimer (D-N.J.) and Darin LaHood (R-Ill.) on Thursday introduced a bill that aims to ban the use of DeepSeek on government-issued devices. The duo cited a study conducted by Feroot Security, which found direct links between the app and Chinese government-owned China Mobile, as the reason for the ban. "We have deeply disturbing evidence that [the Chinese Communist Party is] using DeepSeek to steal the sensitive data of US citizens. This is a five-alarm national security fire," says Gottheimer. DeepSeek's AI model gained popularity after the release of its R1 model last month, which is built on a modest budget but delivers performance that matches most rivals. As reported by the Wall Street Journal, an independent analysis conducted by Feroot Security found that the Chinese AI company had hidden the code that transfers users' login information to China Mobile -- a company banned by the FCC from operating in the US. "We see direct links to servers and to companies in China that are under [the] control of the Chinese government. And this is something that we have never seen in the past," Ivan Tsarynny, CEO of Feroot Security, tells ABC. The study prompted lawmakers to propose the "No DeepSeek on Government Devices Act." "Under no circumstances can we allow a CCP company to obtain sensitive government or personal data," Rep. LaHood says. "This commonsense, bipartisan piece of legislation will ban the app from federal workers' phones while closing backdoor operations the company seeks to exploit for access." The lawmakers' call for a ban on DeepSeek mirrors a ban on TikTok for government devices passed in 2023.

Illinois Congressman Darin LaHood seeks to ban DeepSeek from federal government devices

Illinois Congressman Darin LaHood is spearheading an effort to ban Chinese artificial intelligence app DeepSeek from being used on any federal government devices. The Republican from Peoria joined U.S. Rep. Josh Gottheimer, a New Jersey Democrat, in introducing the "No DeepSeek on Government Devices Act," which would prohibit federal employees from using the app on government-owned electronic devices. The lawmakers cited the Chinese government's ability to use the app to spy on users and spread misinformation. "From a national security standpoint, we have to understand China is an adversary, and when you look at this app, and you look at DeepSeek, and the direct connection to the CCP - the Communist Chinese Party - that's deeply disturbing to me, and Congressman Gottheimer, and a number of other people," said LaHood, who is a member of the House Permanent Select Committee on Intelligence. The Trump administration and cybersecurity experts also have raised concerns that DeepSeek's technology could be a national security threat to the U.S. White House Press Secretary Karoline Leavitt said last month that the National Security Council (NSC) would examine possible national security implications from DeepSeek, adding that the administration would seek to "ensure American AI dominance." Some members of Congress also have shared concerns about DeepSeek's access to American users. "The U.S. cannot allow Chinese Communist Party models such as DeepSeek to risk our national security and leverage our technology to advance their AI ambitions," U.S. Rep. John Moolenaar (R-Mich.), who chairs the bipartisan House Select Committee on the Chinese Communist Party, said in a statement on social media. "We must work to swiftly place stronger export controls on technologies critical to DeepSeek's AI infrastructure." India, Australia and South Korea have already banned DeepSeek on government devices. The app rattled also nerves last week on Wall Street, as concerns that China might be catching up to the U.S. in the AI race sent tech stocks tumbling. The China and U.S. are in an arms race over AI, and DeepSeek's technology uses inferior computer chips that cost 20 to 30 times less than leading American companies. DeepSeek's introduction in the U.S. on Jan. 17 saw it swiftly become the most downloaded free app on Apple Store. California-based Nvidia, which makes chips that power AI, lost $593 billion in market value on the same day, the biggest one-day loss in history.