Cristin Flynn Goodwin, Advanced Cyber Law blog
Originally published April 15, 2025
The US stock market reeled last week with news that Chinese AI provider DeepSeek was able to create a strong model leveraging a significantly smaller number of lower-power Nvidia chips than are used in the world’s leading AI models. It was a stunning breakthrough from a company that few outside of the AI community had heard of, and showed that there may be cheaper ways to get “good enough” results than the costly, energy-intensive resource hogs currently driving AI investment.[1]
It’s important to remember why “good enough” doesn’t count for security.

The news has been quick to point out that DeepSeek makes no secret of the fact that its terms and conditions clearly state that “We store the information we collect in secure servers located in the People’s Republic of China.”[2]
DeepSeek also recognizes very clearly, in a section modestly entitled “Others”, that the company may “access, preserve, and share information… with law enforcement agencies, public authorities… or other third parties if we have good faith belief it is necessary to comply with applicable law, legal process or government requests, as consistent with internationally recognized standards….”[3]
While it is unclear which “internationally recognized standards” are front of mind for DeepSeek, it is clear that DeepSeek is prepared to comply with requests from the Chinese government, either law enforcement or any of its other agencies or third parties acting on behalf of those agencies.
Privacy and data protection advocates are right to draw parallels to the TikTok situation and express concerns about Americans flocking to DeepSeek. As of January 28, DeepSeek is the top app in both the Google Android and Apple App Store “Top Free” lists, while ChatGPT is 6th on Android, and 2nd on Apple.
So clearly, “good enough” is winning over privacy concerns. It appears that most consumers are not concerned about the fact that DeepSeek is owned and operated by Hangzhou DeepSeek Artificial Intelligence Co., Ltd., Beijing DeepSeek Artificial Intelligence Co., Ltd., and their affiliates. These companies are subject to – as are any users of the DeepSeek service – the laws of the People’s Republic of China, and not the local laws of the user.[4]
From a quality perspective, whether DeepSeek is “good enough” seems to be a hot debate. The Wall Street Journal reported research claiming that DeepSeek was “very competitive” against the better-funded and resourced AI models.[5] Ars Technica did its own testing, comparing DeepSeek against OpenAI in a range of tests from the complex (working with large number sets) to the trivial (write 5 dad jokes) and found both had strengths and weaknesses, but recognized the fact that DeepSeek’s ability to perform on inferior hardware using open source made it competitive.[6]
From a security perspective, there have got to be concerns about major amounts of US user data moving into China. It also raises concerns because any vulnerability that DeepSeek finds, or that a Chinese user finds in DeepSeek, is reported to Chinese authorities. Since September 2021, companies doing business in China have been required to report vulnerabilities to the Chinese government under the “Regulations on the Management of Network Product Security Vulnerabilities.” That applies to DeepSeek’s network in China, and any security researchers in China that may discover a vulnerability in DeepSeek. While American lawyers may argue that the law’s terms may be vague or unclear and assert the law does not apply to AI or DeepSeek, that’s not how Chinese law works, and if the Chinese government informs DeepSeek’s parent companies of their obligation to comply, they will.
What would that mean for users? Security exploits against AI are still nascent, and their impacts are not well understood. Last week, security researchers from Wiz Research found a vulnerability in DeepSeek that gave them full control over certain database operations, including the ability to access internal data. That included over a million lines of log streams which held chat history, secret keys, backend details, and other highly sensitive information.[7]
This week, security research firm Qualys published its analysis of DeepSeek, and reported that DeepSeek failed 61% of the tests that Qualys ran, out of 891 assessments across 16 different categories in its knowledge base, and also failed 58% of jailbreak attempts across 18 different attack types.[8]
Chinese researchers are certainly hunting for vulnerabilities and threats in AI models. Reporting vulnerability data to the Chinese government would give Chinese nation state actors a major boost, if it were coupled with data from active users outside China, a test bed of nation state proportions. The fact that Chinese authorities can compel DeepSeek to provide access to user data under its privacy policy and then exploit that data further with knowledge gained through security exploits should make every user think twice before downloading.
The sad reality is that most users will not. The lowest cost most often wins, and “good enough” usually prevails. Marc Andreessen said that DeepSeek was AI’s “Sputnik moment” and he may be right.[9] The US tech sector needs to create a “good enough” AI that the majority of consumers can use – and fast. At the same time, the US government needs to move quickly to protect consumers and small businesses from sharing deep and personal data with China and opening up hundreds of millions of devices to risk before it’s too late.
Endnotes:
[1] Here’s what DeepSeek AI does better than OpenAI’s ChatGPT | Mashable; I tested ChatGPT vs DeepSeek with 7 prompts — here’s the surprising winner | Tom’s Gu
[2] DeepSeek Privacy Policy; DeepSeek Warning—New Chinese Security Threat Puts You At Risk
[5] How DeepSeek’s AI Stacks Up Against OpenAI’s Model
[6] How does DeepSeek R1 really fare against OpenAI’s best reasoning models? – Ars Technica
[8] DeepSeek Failed Over Half of the Jailbreak Tests by Qualys TotalAI | Qualys Security Blog
[9] Marc Andreessen warns DeepSeek is ‘AI’s Sputnik moment’ | Fortune