What is DeepSeek and should I be concerned?
The buzz of an ultra-powerful, new LLM comes with a shadow of serious risk.
In the quiet tech hub of Hangzhou, China, far from the bustling innovation centres of Silicon Valley, a revolution in artificial intelligence was taking shape. When technology reporter Stu Woo first encountered DeepSeek during a video interview, he witnessed something remarkable: a San Francisco-based AI company founder choosing this unknown platform over industry giants like Google and ChatGPT. This moment marked the beginning of a transformation that would send shock-waves through the global technology landscape and challenge our fundamental assumptions about AI development.
DeepSeek's Origins
At the heart of DeepSeek's story is Liang Wenfeng, a visionary who approached AI development with an unconventional philosophy. After co-founding a successful hedge fund, Liang assembled a team using what many would consider an unorthodox hiring principle; prioritising fresh graduates and those with minimal work experience over seasoned professionals. His reasoning was profound in its simplicity. Those without entrenched habits would approach problems with fresh eyes he said, leading to innovative solutions rather than recycled methodologies.
This approach to talent acquisition reflects DeepSeek's broader philosophy of challenging established norms. As Woo explains,
Liang wants creative people, but he doesn't really care that much about experience... if you ask people without experience to solve that same problem, they'll have to sit down, think about the problem, and then they'll figure out the best and freshest and most efficient way to do it.
A revolutionary approach to AI development
The true genius of DeepSeek lies in its fundamental reimagining of how AI processes information. As Woo articulated in The Wall Street Journal's "The Journal" podcast, traditional AI models like ChatGPT function like librarians who have read every book in the library, requiring enormous computational resources and energy. DeepSeek, however, took a radically different approach.
Instead of attempting to process and store vast amounts of information, DeepSeek developed a system that excels at identifying and accessing relevant information on demand. This approach is a transformative, effective new-norm. By focusing on the ability to locate and synthesize information rather than store it, DeepSeek achieved comparable or superior results while using significantly fewer resources.
How this technical innovation disrupted the markets
The impact of this technological breakthrough was seismic. According to Gunjan Banerji of the Wall Street Journal, the market reaction was unprecedented, with Nvidia alone losing $600 billion in market value in a single day. This market correction was a fundamental reassessment of the AI industry's future.
DeepSeek's innovation challenged the core assumption that advanced AI development required massive investments in high-end computing infrastructure. Using what their research paper described as a fraction of the resources traditionally considered necessary, DeepSeek demonstrated that efficiency and innovative architecture could triumph over raw computational power.
The global response: A wave of caution
The rapid rise of DeepSeek has prompted varied responses from governments and institutions worldwide. Italy became the first country to launch an investigation and subsequently ban DeepSeek from processing Italian users' data, citing privacy concerns. Taiwan followed suit, prohibiting government officials and key infrastructure from using DeepSeek's applications due to national security concerns. Australia, South Korea, and several U.S. government agencies, including the Pentagon, have implemented similar restrictions.
The reasons for these bans are multifaceted. Beyond the general concerns about data privacy and national security, specific technical vulnerabilities have emerged. Security researchers have identified critical flaws in DeepSeek's implementation, including the use of deprecated 3DES encryption standards, reused encryption keys across users, unencrypted data transmission to servers, and an exposed database allowing full control over operations.
Security concerns and enterprise risk
The security implications extend beyond technical vulnerabilities. Anthropic CEO Dario Amodei's revelation that DeepSeek performed poorly in safety tests, particularly regarding sensitive information generation, raises serious concerns for enterprise deployment. The platform's apparent lack of content filtering and safety measures presents significant risks for organisations handling sensitive data.
Despite these concerns, DeepSeek's capabilities are undeniable. The platform has become the most downloaded AI application in 140 markets, suggesting its appeal transcends geographical and cultural boundaries. Its ability to match or exceed the performance of established AI platforms while using fewer resources represents a significant advancement in AI technology.
Strategic considerations for business leaders
For organisations considering DeepSeek or similar AI tools, several key considerations emerge.
First, data security and compliance. You must implement robust data governance policies and regular security audits. Consider the regulatory implications of AI tool usage, particularly in light of increasing government scrutiny and restrictions.
Next, develop comprehensive risk assessment frameworks. This will help you evaluate AI tools, including technical capabilities, security measures, and regulatory compliance regardless of how powerful everyone on LinkedIn says the tool is. Consider establishing an AI ethics committee to evaluate new technologies before deployment.
Finally, operational integration relies on clear policies for AI tool adoption and usage within your organisation. Consider the broader implications of tool selection on your organisation's security posture and regulatory compliance.
The future of AI development
DeepSeek's emergence represents more than just technological innovation, it seems to signal a fundamental shift in how we approach AI development and deployment. While its technical achievements are remarkable, the security concerns and regulatory challenges highlight the complex balance organisations must strike between innovation and risk management. We are entering our twilight moment of regulatory and limitations on who uses AI, and how.
As we move forward, success in the AI landscape will require a nuanced approach that considers not just technical capabilities, but also security, privacy, and regulatory compliance. Organisations must develop comprehensive strategies that allow them to harness the power of AI innovation while protecting their stakeholders' interests and maintaining robust security measures.
The story of DeepSeek reminds us that innovation often comes from unexpected sources and challenges our fundamental assumptions about technology development. As we navigate this evolving landscape, the key to success lies not in blindly embracing new technologies, but in thoughtfully evaluating their potential benefits and risks within our specific organisational contexts. Evaluate it these tools in detail, eliminate what’s not needed, execute its power safely.
Sources
NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App
This article details the use of the insecure 3DES encryption algorithm, hardcoded encryption keys, and other security vulnerabilities in DeepSeek's iOS app.
https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
This report highlights that DeepSeek's app sends sensitive data over the internet without encryption and uses deprecated encryption methods like 3DES with hardcoded keys.
https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html
Experts Flag Security, Privacy Risks in DeepSeek AI App
This article discusses the use of the deprecated 3DES encryption algorithm and hardcoded encryption keys in DeepSeek's app, leading to significant security concerns.
https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/
DeepSeek's iOS App Sends Unencrypted Data to Chinese Servers
This piece reports on DeepSeek's use of 3DES encryption with hardcoded symmetric keys, resulting in all users sharing the same encryption keys and raising security issues.
https://appleinsider.com/articles/25/02/07/deepseeks-ios-app-sends-unencrypted-data-to-chinese-servers
DeepSeek iOS App Sends Data Unencrypted to ByteDance-Controlled Servers
This article highlights that DeepSeek's app uses 3DES encryption with hardcoded keys, and the purpose of this implementation remains unclear.
https://arstechnica.com/security/2025/02/deepseek-ios-app-sends-data-unencrypted-to-bytedance-controlled-servers/
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information
This research uncovers a publicly accessible database belonging to DeepSeek that allowed full control over database operations, including access to internal data.
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
DeepSh*t: Exposing the Security Risks of DeepSeek-R1
This analysis evaluates the security considerations of deploying DeepSeek-R1, highlighting potential risks in enabling trust_remote_code and other vulnerabilities.
https://hiddenlayer.com/innovation-hub/deepsht-exposing-the-security-risks-of-deepseek-r1/
DeepSeek Explained: Everything You Need to Know
This article provides an overview of DeepSeek, its models, and the security concerns associated with its applications.
https://www.techtarget.com/whatis/feature/DeepSeek-explained-Everything-you-need-to-know
Chips, China, and a Lot of Money: The Factors Driving the DeepSeek AI Turmoil
This discussion explores the broader implications of DeepSeek's AI developments and the associated security concerns.
https://carnegieendowment.org/posts/2025/01/deepseek-ai-china-chips-explainer?lang=en