Companies and government agencies around the world are moving to restrict their employees’ access to the tools recently released by the Chinese artificial-intelligence startup DeepSeek, according to the cybersecurity firms hired to help protect their systems.
“Hundreds” of companies, particularly those associated with governments, have worked to block access to DeepSeek due to concerns about potential data leaks to the Chinese government and what they view as weak privacy safeguards, Nadir Izrael, chief technology officer of the cyber firm Armis Inc., said, referring to the startup’s own clientele. Most customers of Netskope Inc., a network security firm that companies use to restrict employees access to websites, among other services, are similarly moving to limit connections.
Roughly 70% of Armis customers have requested blocks, the company said, and 52% Netskope clients are blocking access to the site entirely, according to Ray Canzanese, director of Netskope’s threat labs.
“The biggest concern is the AI model’s potential data leakage to the Chinese government,” Armis’s Izrael said. “You don’t know where your information goes.”
Anxieties around DeepSeek have mounted since the weekend when praise from high-profile tech executives including Marc Andreessen propelled DeepSeek’s AI chatbot to the top of Apple Store app downloads. Chief among those worries is the fact that DeepSeek states in its own privacy terms that it collects and stores data in servers in China, adding that any dispute on the matter would be governed by Chinese government law.
DeepSeek didn’t respond to a request for comment.
It wasn’t immediately clear how many Defense Department employees sought to access DeepSeek. There’s been no indication that a data breach or security incident has occurred in connection with DeepSeek usage at the Pentagon.
According to DeepSeek’s own privacy policy, the company collects users’ keystrokes, text and audio input, uploaded files, feedback, chat history and other content for the purpose of training its AI models and may share that information with law enforcement and public authorities at its discretion.
Cyber researchers who set out to probe DeepSeek’s security said they found a publicly accessible database belonging to the company that contained internal data. The database included some DeepSeek chat history, backend details and technical log data, according to Wiz Inc., the cybersecurity startup that Alphabet Inc. sought to buy for $23 billion last year. Wiz said DeepSeek secured the information when it reported the discovery.
DeepSeek and the increased adoption of other generative AI services is poised to accelerate the development and sales of cybersecurity services, according to research from Bloomberg Intelligence. CrowdStrike Holdings Inc., Palo Alto Networks Inc. and SentinelOne are among the companies that could benefit from the trend, said Bloomberg analysts Mandeep Singh and Damian Reimertz.
Already, governments are scrutinizing DeepSeek’s privacy controls.
Italy’s privacy regulator ordered DeepSeek blocked “as a matter of urgency and with immediate effect” in an effort to protect Italians’ data. Ireland’s Data Protection Commission, which enforces the European Union’s privacy regulations on many of the world’s largest technology companies, said Wednesday it had requested information from DeepSeek to determine if the company is properly safeguarding user data.
The UK’s Information Commissioner’s Office said in a statement that generative AI developers must be transparent about how they use personal data, adding that it would take action whenever its regulatory expectations are ignored.
US officials and that Chinese national security laws allow the government there to gain access to encryption keys controlled by companies operating in the country and compel them to assist in intelligence-gathering activities. These laws were at the heart of the US government’s case for banning China-based ByteDance Ltd.’s TikTok platform, with national security officials warning that its Chinese ownership offered Beijing a way into Americans’ personal information.
TikTok has denied that it presents any such threat. US President Donald Trump vowed to come up with a deal that would allow the platform to continue to operate in the US shortly after he took office in January.
Mehdi Osman, CEO of the US software startup OpenReplay, is among the business leaders who opted not to use DeepSeek’s API service over security concerns. But he warned that the firm’s extraordinarily low prices still threaten to lure developers away from OpenAI “in the coming months.”
Cybercrime researchers are meanwhile warning that DeepSeek’s AI services appear to have less guardrails around them to prevent hackers from using the tools to, for example, craft phishing emails, analyze large sets of stolen data or research cyber vulnerabilities.
“With very little effort, attackers will be able to make code modifications leading to increased scale and velocity of cyber and fraud attacks,” said Levi Gundert, chief security and intelligence officer at the cybersecurity firm Recorded Future Inc.
Photograph: A user interface message on the DeepSeek artificial intelligence app on a mobile phone, arranged in Riga, Latvia, on Wednesday, Jan. 29, 2025. Photo credit: Andrey Rudakov/Bloomberg
Was this article valuable?
Here are more articles you may enjoy.
Lawsuit Accuses Amazon of Secretly Tracking Consumers Through Cellphones 
Progressive Net Income More Than Doubles in 2024 
DeepSeek’s AI Restricted by ‘Hundreds’ of Companies in Days 
LA Wildfires by the Numbers: Insured Losses, Total Losses, Ratings, Rates 
