Despite its efficiency and customizability, DeepSeek—a Chinese AI chatbot—raises serious concerns about data privacy, censorship, and security vulnerabilities for business users.
DeepSeek’s Rapid Rise and Security Concerns
Two years after ChatGPT’s launch, China introduced a major rival: DeepSeek. Within days of its release in January 2025, DeepSeek became the most downloaded freeware app on Apple’s iOS App Store and Google Play in the U.S. However, its fast adoption has sparked significant privacy and security concerns, especially for businesses that may input sensitive data.
What Is DeepSeek?
Developed by a Chinese AI startup of the same name, DeepSeek is an open-source generative AI chatbot that competes with ChatGPT, Google’s Gemini, and Anthropic’s Claude. Unlike its rivals, DeepSeek is entirely free to use via a web application, requiring only an email or phone number for registration.
DeepSeek stands out for its efficiency—achieving results comparable to ChatGPT with significantly fewer GPUs. While it excels in technical and mathematical domains, ChatGPT offers broader, context-aware responses across a wider range of topics.
DeepSeek Web App vs. Local Hosting
Users can access DeepSeek through its web and mobile apps or by hosting models locally via GitHub. When using DeepSeek’s web app, interactions occur on servers controlled by DeepSeek, subjecting users to its data-sharing policies. In contrast, local hosting allows organizations to maintain control over their data but shifts security responsibilities to the user.
Key Security Risks of DeepSeek
1. Data Privacy & Government Oversight
DeepSeek operates under China’s strict data laws, which require companies to cooperate with government authorities. Its privacy policy explicitly states that user data—including account details, input history, device metadata, and location data—is stored on servers in China, making it accessible to the Chinese government.
This centralization raises concerns for businesses, as sensitive corporate data entered into DeepSeek may be subject to state oversight without notification. Some Western governments, such as Italy, have already banned DeepSeek over privacy concerns, while U.S. lawmakers are considering similar restrictions.
2. Open-Source Risks: Disinformation & Security Exploits
DeepSeek’s open-source model offers flexibility but also creates risks:
- Harmful Content – Developers can modify the chatbot’s code to bypass built-in safety measures, potentially enabling it to generate dangerous content, such as malware or instructions for illegal activities.
- Disinformation – The ease of modifying DeepSeek makes it an attractive tool for bad actors seeking to generate misleading content at scale.
Unlike OpenAI and Google, which enforce strict content safety measures, DeepSeek’s open-source nature makes it more vulnerable to manipulation.
3. Centralized Data Storage Risks
Most Western AI providers use decentralized, region-specific data centers to comply with privacy laws like GDPR. DeepSeek, however, stores all user data in China, raising concerns for international businesses handling sensitive information.
4. AI Hallucinations & Misinformation
DeepSeek has been found to be more prone to AI hallucinations—where the model generates false or misleading information. This can lead to:
- The spread of misinformation
- Faulty business decisions based on incorrect data
- Exposure of intellectual property
- Compliance risks if AI-generated outputs conflict with regulatory standards
5. Encryption & Security Weaknesses
Security audits of DeepSeek’s iOS app revealed several vulnerabilities:
- Unencrypted Data Transmission – User data is sent over the internet without proper encryption, making it susceptible to interception.
- Weak Encryption Methods – The app uses outdated cryptographic methods, leaving stored data vulnerable to breaches.
- Excessive Data Collection – The app gathers extensive device telemetry, allowing for user tracking and deanonymization.
How DeepSeek Compares to ChatGPT & Gemini
| Security Factor | DeepSeek | ChatGPT | Gemini |
|---|---|---|---|
| Data Storage | China-only | Global, region-specific | Global, region-specific |
| Government Oversight | Subject to China’s data laws | U.S./EU privacy laws apply | U.S./EU privacy laws apply |
| Guardrail Protection | Easier to bypass | Strong, regularly updated | Strong, regularly updated |
| Transparency | Limited public disclosures | Security white papers, third-party audits | Security white papers, third-party audits |
Should Businesses Use DeepSeek?
Businesses handling sensitive information should exercise extreme caution when considering DeepSeek. Its centralized data storage in China, potential government oversight, and open-source vulnerabilities make it a higher-risk alternative compared to Western AI tools like ChatGPT and Gemini. Organizations concerned about data security should either avoid using DeepSeek’s web application or only interact with the model through local hosting to maintain control over their data.
Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more
In Marc Benioff's own words How did salesforce.com grow from a start up in a rented apartment into the world's Read more
Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more
Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more
