DeepSeek - A Deep Dive Reveals More Than One Red Flag

Uploaded on 2025-03-05 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Like many advanced AI-driven tools, the Chinese DeepSeek AI application offers incredible innovation. Still, it raises significant data privacy concerns due to the sensitive nature of the data being processed and the regulatory environment.

Integrating large-scale data collection and advanced AI technologies, particularly in healthcare, surveillance, and financial services, exacerbates these concerns. 

The Australian government has recently banned the DeepSeek AI app from being installed on devices due to privacy concerns. Similar concerns were raised by the South Korean intelligence agency.  Regulators in Italy have blocked the use of the DeepSeek AI app on mobile devices. 

Among the risks and challenges associated with DeepSeek AI are: 

  • Excessive data collection is a critical issue. DeepSeek may collect vast amounts of personal data, including location, biometric, behavioural and sensitive health information without transparent consent mechanisms. Users do not fully understand what data is being collected, how it is processed, or whether it will be shared with third parties, raising ethical and regulatory red flags. 
  • Data sharing and cross-border transfers are another primary security concern. Under Chinese data protection laws, such as the Personal Information Protection Law (PIPL), companies must adhere to strict data localisation rules. However, in global collaborations DeepSeek data could be shared across borders, raising questions about compliance and exposing user data to jurisdictions with weaker privacy protections. Moreover, the Chinese government’s regulatory requirements for data access could result in heightened surveillance risks, as sensitive user data could be accessed for state purposes, raising international concerns about civil liberties and the misuse of personal information. 
  • Data security vulnerabilities add to the privacy risks. Advanced AI applications like DeepSeek rely on centralised or cloud-based architectures to process and analyse data making them targets for cyberattacks.

A lack of robust encryption or security protocols could expose users to data breaches, identity theft or misuse of personal data.

Threat actors could exploit DeepSeek AI's algorithms through model inference or poisoning attacks, potentially exposing sensitive training or input data. This creates a dual threat: user privacy is compromised, and the reliability and trustworthiness of the AI outputs are also jeopardised. 

  • The lack of user control over their data is a recurring issue. DeepSeek users often have limited visibility into how their data is stored, processed or retained. The potential for misuse of personal information once it enters the system is a significant concern. DeepSeek AI developers must prioritise compliance with privacy laws, enhance transparency and adopt privacy-by-design principles.

This includes implementing secure data storage practices, encrypting sensitive information and giving users greater control over their data to build trust and ensure ethical AI use. 

Understanding how attackers target applications like DeepSeek is not just important, it's urgent. It allows us to assess the presence of inherent security controls and verify their robustness, which is an immediate task given the increasing cyber threats.  

  • Attackers exploit DeepSeek's AI models to infer sensitive training data through model inversion attacks. By analysing the model's outputs, they can reconstruct input data such as user profiles, health metrics, or personal identifiers that were part of the training set. Such attacks can be executed without direct access to the training data, making them stealthy and dangerous. 
  • Applications like DeepSeek rely on continuous learning or updates to their models and are vulnerable to data poisoning attacks. Attackers introduce malicious or biased data into the training pipeline by infiltrating external data sources or exploiting insufficient validation mechanisms. This can corrupt the model, causing it to generate harmful or inaccurate outputs.
  • Adversarial attacks exploit weaknesses in the app’s data processing capabilities by introducing crafted inputs that deceive the model. In the case of DeepSeek AI, attackers could manipulate input data, such as images or text, with subtle perturbations that cause the model to misclassify or generate unintended results. For example, an attacker could use adversarial inputs like subtly altered images or text to bypass a security feature or generate misleading outputs. 
  • Open-source AI models like DeepSeek, while offering accessibility and innovation, are increasingly vulnerable to supply chain attacks triggered during large-scale cyberattacks. These attacks, where adversaries exploit the reliance on third-party dependencies, pre-trained models, or public repositories, can have severe consequences. Adversaries may tamper with pre-trained models by embedding malicious code, backdoors, or poisoned data, which can compromise downstream applications. Additionally, attackers may target the software supply chain by manipulating dependencies, libraries, or scripts used during model training or deployment.

This can lead to the corruption of systemic AI functionality. For example, malicious code disguised as a DeepSeek package was recently distributed to spread infections via supply chains. 

  • DeepSeek AI apps rely on APIs and third-party integrations to function efficiently. Attackers can exploit insecure APIs to gain unauthorised access to user data or the app's backend systems. Additionally, if DeepSeek shares data with other applications or services, attackers can intercept or manipulate these exchanges, creating a broader attack surface.

Improperly secured API endpoints or insufficient authentication protocols can expose sensitive data to exploitation. Recently, the attackers have exploited open reverse proxy (ORP) instances containing DeepSeek API keys, indicating widespread exploitation. These compromised ORP servers allow access to critical LLM services, resulting in unauthorized access to AI models while masking user identities to conduct LLM-jacking.

  • Adversaries can trigger a DDoS attack against the DeepSeek AI app, aiming to overwhelm its infrastructure, rendering the app unavailable to legitimate users and disrupting its services. Given the data-intensive nature of AI applications like DeepSeek, which rely on real-time data processing and model inference, attackers can exploit these resource demands by flooding the app with excessive fake requests or malicious traffic. This overloads the servers, consuming bandwidth, computational power and storage capacity, leading to system crashes or delays.

Such attacks impact the app’s availability and create opportunities for secondary attacks, such as injecting malware or exploiting vulnerabilities during recovery efforts. 

When AI applications and services like DeepSeek are attacked, data becomes a key angle of exploitation and vulnerability. Data is the foundation of AI systems—it drives their functionality, accuracy and decision-making capabilities. Adversaries conduct data exfiltration as AI systems such as DeepSeek often process sensitive information such as customer data, proprietary models or real-time inputs.

Malicious actors may exploit vulnerabilities to extract this data, exposing organisations to privacy breaches, regulatory violations, and reputational damage.  

Professionals must understand these risks and take steps to mitigate them, as attacks targeting the data aspect of AI systems can have far-reaching consequences, including undermining the system's integrity, exposing sensitive information and corrupting the AI model's behaviour.  

Aditya K Sood is VP of Security Engineering and AI Strategy at Aryaka 

Image: Ideogram

You Might Also Read:

US Researchers Launch A DeepSeek Competitor:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« From Accidental Hacker To Cybersecurity Champion
Hackers Exploiting Malware In Google Docs »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Digital Defense Inc (DDI)

Digital Defense Inc (DDI)

DDI offers vulnerability scanning, penetration testing, web application testing, social engineering and additional security assessments.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

In-Q-Tel (IQT)

In-Q-Tel (IQT)

IQT is the non-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to U.S. government agencies that keep our nation safe.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

Mindflow

Mindflow

Mindflow is dedicated to bringing answers to the challenges the cybersecurity field and beyond face today.

Information Security Society of Africa – Nigeria (ISSAN)

Information Security Society of Africa – Nigeria (ISSAN)

The Information Security Society of Africa – Nigeria (ISSAN) is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace.