Earlier this week Taiwan banned government departments from using DeepSeek’s services.
From half a dozen countries launching their own investigations into DeepSeek, to government departments scrambling to regulate the AI start-up’s products on its workers’ devices, the tech world has been left in a flurry ever since China’s DeepSeek launched its latest reasoning model just three weeks ago.
All attention has been on the start-up since the launch of R1, which DeepSeek claims takes less than $6m to train, while performing on par with the likes of OpenAI’s GPT-4 and Anthropic’s Claude 3.5 Sonnet. The start-up R1 launch even had an unprecedented effect on chipmaker Nvidia, which lost close to $600bn in market cap on a single day last month.
Amidst all of its popularity, the start-up’s V3 AI chat platform suffered from a cyberattack. While yesterday (6 February) it temporarily suspended its API service recharges due to resource constraints as more and more users flock to use its services.
Probes everywhere
Although DeepSeek’s performance capabilities are lauded by tech giants and politicians, cybersecurity experts highlight its vulnerabilities.
Kela, a cyberthreat intelligence organisation, said that its team was able to jailbreak, or bypass the model’s in-built safety measures and ethical guidelines, which enabled R1 to generate malicious outputs, including developing ransomware, fabricating sensitive content, and giving detailed instructions for creating toxins and explosive devices.
Moreover, according to the start-up’s privacy policy, it transfers personal information collected from users to servers located in China. Experts have previously raised alarm over China’s data protection laws, alleging that it does not limit access by authorities.
As a result, a number of national data protection authorities flocked to probe DeepSeek. France and South Korea have launched a line of questioning into the Chinese start-up over privacy concerns, while The Netherlands announced it will launch an investigation into the company.
Meanwhile, the Belgian data protection authority received a complaint about DeepSeek and Taiwan, earlier this week, banned government departments from using DeepSeek’s services, citing security risks.
In a statement to the press, Taiwan’s Ministry of Digital Affairs said: DeepSeek’s AI service is a Chinese product, and its operation involves cross-border transmission and information leakage and other information security concerns, and is a product that jeopardises the country’s information security.”
This comes after the Irish Data Protection Commission and Italy’s Garante launched their own line of questioning into DeepSeek’s privacy and data security practices. Garante has given DeepSeek until the third week of February to respond.
Moreover, a bipartisan bill is being introduced in the US Congress, which seeks to ban China’s DeepSeek from government devices.
Called the ‘No DeepSeek on Government Devices Act’, the legislation aims to prohibit the use DeepSeek for federal employees on government-issued devices.
“The technology race with the Chinese Communist Party (CCP) is not one the United States can afford to lose,” said Congressman Darin LaHood, who is one of the two politicians behind the draft legislation.
“The national security threat that DeepSeek – a CCP-affiliated company – poses to the United States is alarming. DeepSeek’s generative AI program acquires the data of US users and stores the information for unidentified use by the CCP.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
