On January 20, 2025, the Chinese company Deepseek released a new Large Language Model (LLM) called Deepseek R1. This model is said to be at least as capable as the established models from OpenAI or Meta and is also more affordable. This release was compared to the “Sputnik shock” for the West, referencing the first artificial satellite launched by the Soviet Union in 1957, which surprised Western countries.
In app stores, Deepseek R1 quickly surpassed OpenAI’s ChatGPT as the highest-rated free AI app. This caused a drop in the stock prices of Western chip manufacturers like Nvidia. However, there are concerns about the security and privacy of this Chinese open-source AI.
Before using Deepseek R1, users must agree to the privacy policy. Deepseek categorizes the information it collects from users into three groups:
- First, data provided by users themselves, such as age, email address, password, and any text input or prompts entered into the chatbot.
- Second, automatically collected information like IP addresses or cookies.
- Third, data from third-party sources, such as logins via Google or Apple and information from advertisers.
Deepseek uses this data to improve its services and fulfill legal obligations or protect the interests of its users and others. The company may share this information with advertising or analytics companies and also with “law enforcement agencies, public authorities, copyright holders, or other third parties.” This practice is not unusual, although it is broadly defined here. Additionally, China requires domestic tech companies to cooperate with national intelligence services.
Privacy advocates are particularly concerned about the location where Deepseek stores its data. The data is stored on servers in China, a country known for its lax approach to cybersecurity. A 2024 study ranked China as the third most vulnerable country to cyber threats, behind Russia and Ukraine.
Recently, on January 28, 2025, Deepseek experienced a cyberattack, which temporarily prevented new registrations. The origins of the attack remain unknown. Moreover, there are claims that the Chinese government is increasingly collaborating with cybercriminals to spy on Western countries or companies, as noted by Microsoft in a report last year.
There are fears that Deepseek R1 might become a new tool for China to gather sensitive information from Western countries, similar to concerns about TikTok, which led to its temporary ban in the USA. There is also a risk that the AI could spread false information, especially when discussing sensitive topics in Chinese history, where censorship rules apply.
Another security concern is that Deepseek R1 is an open-source model. The public availability of its source code could allow attackers to easily identify and exploit vulnerabilities.