DeepSeek is the new kid on the block and has been touted for its sophisticated capabilities. It surpasses proprietary models like OpenAI's o1 reasoning model across a wide range of benchmarks, including math, science, and coding, at a fraction of its development cost.
Security and safety remain major setbacks that have forced most users to keep generative AI at arm's length. Over the past few years, there have been several instances where user data has been used to train AI models without authorization, ultimately breaching user trust and more.
Now, a damning report suggests DeepSeek's website features computer code that could share user login information with a Chinese telecommunications company despite being barred from running its operations in the United States (via The Associated Press). For context, the US restricted DeepSeek operations, citing close ties between China Mobile and the Chinese military.
The Feroot Security researchers claim the computer code hidden in the website grabs the user login credentials during DeepSeek's account creation and user login process. While the Chinese AI startup admits that it stores user data in its privacy policy documentation, this new report reveals intricate details about DeepSeek's close ties to China than previously thought.
According to Feroot Security CEO Ivan Tsarynny:
“It’s mindboggling that we are unknowingly allowing China to survey Americans and we’re doing nothing about it. It’s hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying ‘Where there’s smoke, there’s fire’? In this instance, there’s a lot of smoke.”
While we can't independently corroborate Feroot Security's findings, The Associated Press shared the report with another group of security experts, who confirmed the presence of the malicious code in DeepSeek's code.
Upon further analysis and testing, both sets of security researchers were unable to tell whether the computer code was used to transfer user data to the Chinese government when testing logins in North America. However, this doesn't entirely rule out the chance that user data was shared with the Chinese telecommunication company.
Related: DeepSeek suffers "large-scale cyberattack," prompting temporary registration cap
While speaking to The Associated Press, Stewart Baker, lawyer, consultant, and former Homeland Security and the National Security Agency official, indicated:
"DeepSeek “raises all of the TikTok concerns, plus you’re talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok."
Elsewhere, OpenAI and Microsoft accused DeepSeek of using their copyrighted content to train its R1 V3-powered model. However, a separate report suggests DeepSeek spent $1.6 billion to develop its AI model, and not $6 million as previously thought.
This news comes as DeepSeek gains vast popularity and broad adoption, dethroning ChatGPT on Apple's App Store as the most downloaded free AI app in the United States.
