SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Experts warn of security risks as DeepSeek limits new sign-ups

Yesterday

Cybersecurity experts have raised concerns over potential security risks in DeepSeek's artificial intelligence platform after the Chinese AI startup announced it would temporarily restrict new user registrations due to "large-scale malicious attacks."  

The company, which has rapidly emerged as a major competitor to OpenAI's ChatGPT and Google's Gemini, said on Monday that while new sign-ups would be paused, existing users could continue accessing its services.

However, cybersecurity professionals say the attack may not be the biggest issue facing the platform.

Aditya Sood, Vice President of Security Engineering and AI Strategy at Aryaka, warned that deeper security vulnerabilities could pose a larger threat.

"The 'large-scale malicious attack' that caused DeepSeek to restrict new registrations is not the biggest concern," Sood said.

"I'm more worried about undetected attacks on the model and data. These hidden threats could compromise legitimate use and enable other malicious activities."

He pointed out that while DeepSeek's open-source model has been praised for its accessibility, the transparency does not necessarily guarantee security.

"While many have said that the open-source nature of DeepSeek means that you can implement it yourself without risk of security or privacy and data leakage, it is not clear that the code is fully vetted or assured from any backdoor or zero-day privacy risk," he said. "Many will use the service, not the open-source code, which like any consumer service such as TikTok is fraught with potential privacy and security risks."

Sood also noted that open-source AI models are particularly vulnerable to attacks where malicious actors manipulate third-party dependencies or public repositories.

"Open-source AI models like DeepSeek are increasingly vulnerable to attacks where adversaries exploit the reliance on third-party dependencies, pre-trained models or public repositories," he said.

"Adversaries may embed malicious code, backdoors or poisoned data, which can compromise downstream applications. They may also target the software supply chain by manipulating libraries or scripts used during training or deployment of the model. This can lead to systemic corruption of the model's functionality."

Data sovereignty and bias concerns

In addition to security risks, some analysts have raised concerns about the implications of using a platform hosted in China.

Trey Ford, Chief Information Security Officer at Bugcrowd, pointed out that DeepSeek's AI service operates on servers based in China, which raises issues about data sovereignty.

"Obviously, the use of their platform places all prompts and uploads on servers hosted in the People's Republic of China," Ford said. "It's nice to see this level of honesty and transparency in software, and the surrender of data sovereignty matters to people and companies."

He also cautioned users to be mindful of the potential influence the platform's developers may have on AI-generated responses.

"The fingerprints of creators are found in their products – and reports of free speech and worldview injection into responses are widely reported from the DeepSeek platform," Ford said. "Users (citizens, and enterprises whether public or private sector) should reflect on both what they submit to a nation-state-backed service, as well as their ability to effectively manage the worldview and perspective of responses provided."

DeepSeek's rapid rise amid AI competition

The concerns from security experts come as DeepSeek has rapidly gained popularity in the AI sector. The startup, founded in 2023, has been positioned as a key rival to OpenAI, Google, and other major players in artificial intelligence.

Last week, it released its R1 reasoning model, which has drawn widespread attention for its capabilities and open-source approach. The company's app also overtook ChatGPT as the most-downloaded free app on Apple's App Store in the U.S. on Monday.

Despite its growing success, cybersecurity analysts say that DeepSeek and other AI platforms must address security and privacy risks as AI technology becomes increasingly central to global industries.
