Earlier this week Taiwan banned government departments from using DeepSeek’s services.
From half a dozen countries launching investigations into DeepSeek, to government departments scrambling to regulate the AI start-up’s products on its workers’ devices, the tech world has been left in a flurry ever since China’s DeepSeek launched its latest reasoning model just three weeks ago.
All attention has been on the start-up since the launch of R1, which DeepSeek claims cost less than $6m to train, while performing on par with the likes of OpenAI’s GPT-4 and Anthropic’s Claude 3.5 Sonnet. The start-up’s R1 launch even had an unprecedented effect on chipmaker Nvidia, which lost close to $600bn in market cap on a single day last month.
Amidst its surge in popularity, the start-up’s V3 AI chat platform suffered from a cyberattack. While yesterday (6 February) it temporarily suspended its API service recharges due to resource constraints as more and more users flock to use its services.
Probes everywhere
Although DeepSeek’s performance capabilities are lauded by tech giants and politicians, cybersecurity experts highlight its vulnerabilities.
Kela, a cyberthreat intelligence organisation, said that its team was able to jailbreak, or bypass the model’s in-built safety measures and ethical guidelines, which enabled R1 to generate malicious outputs, including developing ransomware, fabricating sensitive content, and giving detailed instructions for creating toxins and explosive devices.
Moreover, according to the start-up’s privacy policy, it transfers personal information collected from users to servers located in China. Experts have previously raised alarm over China’s data protection laws, alleging that it does not limit access by authorities.
As a result, a number of national data protection authorities flocked to probe DeepSeek. Late last month, France launched a line of questioning into the Chinese start-up over privacy concerns, while the Netherlands announced it will launch an investigation over “serious concerns” regarding DeepSeek’s privacy policies and use of personal information.
Meanwhile, the Belgian data protection authority received a complaint about DeepSeek and, earlier this week, Taiwan banned government departments from using DeepSeek’s services, citing security risks.
In a statement to the press, Taiwan’s Ministry of Digital Affairs said: “DeepSeek’s AI service is a Chinese product, and its operation involves cross-border transmission and information leakage and other information security concerns, and is a product that jeopardises the country’s information security.”
Today (7 February), the South Korean data protection regulator, the Personal Information Protection Commission (PIPC), issued an advisory, advised people to use DeepSeek with caution. This comes after the PIPC inquired into the Chinese start-up last month about its personal data collection policy.
Meanwhile the Irish Data Protection Commission and Italy’s Garante launched their own lines of questioning into DeepSeek’s privacy and data security practices. Garante has given DeepSeek until the third week of February to respond.
Moreover, in the US, a bipartisan bill is being introduced to Congress, which seeks to ban China’s DeepSeek from government devices.
Called the ‘No DeepSeek on Government Devices Act’, the legislation aims to prohibit the use of DeepSeek by federal employees on government-issued devices.
“The technology race with the Chinese Communist Party (CCP) is not one the United States can afford to lose,” said congressperson Darin LaHood, who is one of the two politicians behind the proposed legislation.
“The national security threat that DeepSeek – a CCP-affiliated company – poses to the United States is alarming. DeepSeek’s generative AI program acquires the data of US users and stores the information for unidentified use by the CCP.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
