Freely subscribe to our NEWSLETTER

Key Security Concerns
Like any AI-driven platform, DeepSeek collects vast amounts of user data, including AI prompts, interactions, and IP addresses. The main issue arises from where and how this data is stored. DeepSeek utilizes servers located in China, Russia, and the US, meaning that US users’ data may be subject to Chinese data regulations, which offer much less privacy protection than US laws.
AI models, including those used by DeepSeek, improve through continuous user interaction. This means user data could be used to fine-tune DeepSeek’s capabilities. It raises concerns about the potential exposure of sensitive information in future AI-generated responses. Given the platform’s potential to absorb vast amounts of personal data, this information could be absorbed into the system and inadvertently exposed in AI outputs, potentially compromising user privacy.
We can already see alarming signs. OpenAI has claimed that it has evidence that DeepSeek distilled knowledge out of OpenAI models to train its chatbot. This raises serious concerns about intellectual property theft and data misuse. Such actions could lead to unauthorized data sharing, where sensitive user data or proprietary information from OpenAI’s system could be transferred to DeepSeek’s platform.
China’s cybersecurity regulations grant the government broad access to data held by domestic companies. It makes it possible for Chinese authorities to demand access to DeepSeek’s user data. Even if DeepSeek claims to uphold privacy protections, the legal framework in China creates major challenges in verifying how user data is handled behind the scenes. This becomes especially troubling when considering the increased risks of data being used for surveillance or government interests. These concerns are valid, as DeepSeek already censors itself to align with Beijing’s narratives, which shows its dependency on the government.
Moreover, just a couple of days ago, DeepSeek was targeted by a large-scale cyberattack. The attack, probably Distributed Denial of Service (DDoS), disrupted the app’s user registration system and temporarily stopped new sign-ups. While DeepSeek responded by implementing fixes and restoring normal operations, the incident revealed that the platform can be vulnerable, particularly in handling high volumes of user data.

Such attacks are typical for quickly growing platforms, which can attract malicious actors eager to exploit vulnerabilities. In DeepSeek’s case, the attack has raised concerns about the company’s ability to safeguard sensitive information, for some users. This adds to the uncertainty surrounding its privacy practices, especially considering its connection to Chinese government regulations and the potential risks of user data being targeted or exploited.

Can DeepSeek Be Used Safely?
For users who are still interested in DeepSeek but are concerned about the risks, there are steps to mitigate exposure:
• Use a VPN since it can mask a user’s location, and make it harder to track or log identifiable information.
• Check data policies. Users should review DeepSeek’s privacy policies, data retention practices, and whether the platform complies with international data protection laws.
• Be cautious with sensitive information. Avoid inputting sensitive personal or business data, which could be absorbed into the system and exposed in future AI responses or accessed by the Chinese government.
• Monitor government regulations. Given the US government’s growing concern over foreign-owned platforms and their access to user data, it’s important to stay informed about any restrictions or guidelines on AI services like DeepSeek.
• Use Deepseek’s AI models locally. Deepseek’s AI models are open source and therefore can be downloaded and used for free, on your own hardware, meaning that while performance may be worse on lower-end hardware, no personal information would be sent to anyone over the internet, including DeepSeek.

Until DeepSeek is more open about how it handles user data, its users should be careful. The mix of Chinese control over data, censorship features, and the recent cyberattack makes it unclear if the platform can protect user privacy. DeepSeek will need to prove it can protect privacy and give clear guidelines on data security to earn its users’ trust.