Is DeepSeek safe? Is it Right for the US to Impose a Ban?

Is DeepSeek safe? This is a major concern among users these days. Due to serious national security concerns, the USA is imposing a ban on DeepSeek (the Chinese AI Chatbot) from U.S government devices. The DeepSeeks server is located in China, where it stores its users’ data. DeepSeek set off a major sale in the global equity market in January. This spark threatened investors of current market AI leaders, which refers to an already hostile environment for this model. Although the suggestion of ban is still under discussion. It gives rise to the question of whether the fear is true. Is DeepSeek safe to use?

DeepSeek AI Database Leak

DeepSeek was created by a prominent hedge fund and gained traction after realising its latest open-source generative AI model. This model not only competes with US-developed OpenAI but also beats it in many aspects. Keeping that in mind, DeepSeek creators use innovative methods to bypass US sanctions on its hardware and software devices.

This Chinese AI startup rivals the leading AI systems, such as OpenAI’s o1. DeepSeek recently gained significant media attention due to its cost-effectiveness, groundbreaking performance, and efficiency. This made the Wiz Reaserch team to asses the vulenrabilities and security posture of this model. 

The team discovered that a publicly accessible ClickHouse database that is linked to DeepSeek has been completely left open without any authentication. This means that anyone with the right URL can access this database without needing any specific username or password. 

This database had a huge amount of sensitive information, and since ClickHouse is a powerful analytics database, this breach could have exposed API secrets, log streams, chat history, and operational details.

Such misconfigurations pose a serious threat and raise questions over the vulnerability of DeepSeek, leading to major concerns about whether is DeepSeek safe from data leaks, cyber attacks, and exposing user information. 

According to Wiz Research’s report, the leak happened due to misconfigured cloud storage that lacked proper access controls, which is a common vulnerability in cloud-based systems.

What Specific Data was Exposed in the Deepseek Leak?

DeepSeek aims to improve AI-driven data procession and machine learning. Yet a large part of its database is left unauthenticated. A report from Wiz research indicated that DeepSeek’s database with sensitive information of operational metadata, system details, sensitive log streams, and API secrets leaked. According to this report by Wiz research on January 29th, there is a significant data leak that exposed over one million sensitive records.

This record was publicly accessible to anyone with an internet connection, which raises serious concerns about how DeepSeek is managing data practices. Does it comply with privacy laws, or is DeepSeek safe for public use?

DeepSeek also temporarily restricted new sign up due to “large-scale malicious attacks”. This means that its system was overwhelmed due to unusually high-traffic, bots, or hacking attempts. 

The U.S recent ban on Chinese-owned social media platform TikTok led to a mass migration of users to another Chinese app called Rednote. However, a ban on TikTok and then on DeepSeek indicates that the U.S government is taking serious concerns over AI dominance of Chinese-backed companies, although Americans will not stop using Chinese-owned digital and AI devices. 

How does DeepSeek Handle Their Users’ Data?

All the conversations and questions users ask and the answers that DeepSeek generates are stored in China. This includes the information that users share with DeepSeek and those it collects automatically from other sources. There is a clear concern that DeepSeek is sending its users’ data to China. It is because the information DeepSeek collects is secured in the servers that are located in the People’s Republic of China. 

The audio inputs, prompts, files, and feedback users provide to DeepSeek are collected. This collection is similar to the other AI models that take information and use it as prompts. Since DeepSeek is an open-source model, you can create a more secure, privacy-friendly, and independent AI version. Although there are multiple options in these AI models settings to delete chat history. Still, cybersecurity data protectors emphasize that users not reveal any personal information on AI chatbots. 

Also DeepSeek in its current form comes with a risk of sharing most private and sensitive information to China,  which made the US government concerned about its citizens’ privacy and security. The reason is that DeepSeek’s server is subject to Chinese data laws and is obliged to give access to the Chinese government.

Conclusion

Even if DeepSeek is promising, its data practices and handling make its security and privacy a questionable concern. Will the DeepSeek leak and China’s surveillance haunt users, and will they stay anxious about whether DeepSeek is safe to use? To comprehend this distressful situation, the US government is going to ban it. However, when the world is enjoying this advanced innovation in minimum fortune, the impact of the US ban on DeepSeek is still a matter of debate.