DeepSeek could pose major privacy issues for Americans through a coding open door, a cybersecurity expert warned Wednesday.
The expert told ABC News he used artificial intelligence (AI) software to decrypt portions of DeepSeek’s code and unearthed what may be intentionally hidden programming capable of relaying user data to an online registry for China Mobile, a telecommunications company owned and operated by the Chinese government. It is the same China Mobile that the Federal Communications Commission banned from the U.S. in 2019 because of concerns that “unauthorized access to customer…data could create irreparable damage to U.S. national security.”
“We see direct links to servers and to companies in China that are under control of the Chinese government. And this is something that we have never seen in the past,” Feroot Security CEO Ivan Tsarynny told ABC News.
Tsarynny said he discovered DeepSeek’s web tool creates a digital “fingerprint” with the ability to track users’ activity on DeepSeek’s website and throughout the web. Those who register or log in to DeepSeek may unwittingly create accounts in China, exposing their identities, search queries, and online behavior.
DeepSeek, its hedge fund founder High-Flyer, and China Mobile were unavailable for comment on the ABC News report. But U.S. officials immediately weighed in.
“I think we should ban DeepSeek from all government devices immediately. No one should be allowed to download it onto their device. And I think we have to inform the public,” Rep. Josh Gottheimer, D-N.J., who serves on the House Intelligence Committee, said after the report aired. The U.S. Navy and Congressional offices have already locked down on DeepSeek use because of security concerns.
DeepSeek, the controversial Chinese AI startup that claims its open-source model is capable of reasoning benchmarks equal to or beyond comparable models from Big Tech at a fraction of the cost, has been at or near the top of the most-popular free apps on Apple Inc. and Google’s app stores since its R1 model debuted in late January.
Yet its close links to China has sparked wide-ranging angst over security and privacy risks. The company’s privacy policy says it collects information such as names, email, numbers and passwords, and usage data (text or audio input prompts, uploaded files, feedback, and broader chat history).
Tsarynny’s warning is just the latest from cybersecurity officials about DeepSeek. Last week, cloud security firm Wiz Research disclosed that more than 1 million lines of personal information such as chat histories and API secrets were publicly visible.
What has security experts especially worried is the prospect of DeepSeek transmitting individuals’ data to China amid escalating tensions between the country and the U.S.
This week, Australia joined Italy, Ireland and segments of the U.S. government in banning DeepSeek. Australia’s Secretary of the Department of Home Affairs on Tuesday required all government entities to prevent the access, use or installation of DeepSeek products, applications and web services on Australian government systems and mobile devices. Government entities were also ordered to remove any existing DeepSeek app.
