Member-only story
The Risks and Challenges of DeepSeek AI.
Are you ready to manage the emerging risks in AI.
The AI landscape has seen a dramatic shake-up with the recent announcement of China’s new AI model, DeepSeek R1. Market watchers were stunned by claims that DeepSeek can achieve similar capabilities to western AI models at a fraction of the cost. According to the developers, powering DeepSeek cost just $5.6 million though its worth noting that many insiders dispute that figure.
While the technological claims surrounding DeepSeek are impressive, the model’s launch raises serious concerns about privacy and compliance — especially in Europe, where GDPR regulations govern data protection. Despite being available in Europe, DeepSeek’s privacy policy fails to acknowledge GDPR (see the picture at the top of this blog), even as it collects EU user data like email addresses and interaction logs. GDPR mandates transparency about data usage, but DeepSeek offers no clarity on whether EU citizen data was used for training or on the legal basis for its collection. Additionally, its policy reveals that all user data is stored in China, raising alarms about international data transfer risks. GDPR requires robust safeguards for transferring EU data to non-compliant jurisdictions like China, yet there is no mention of risk assessments, safeguards, or compliance mechanisms like Standard Contractual Clauses (SCCs). DeepSeek’s vague claims of adherence to “applicable data protection laws” lack the transparency needed to build trust.
Beyond privacy concerns, DeepSeek poses significant cybersecurity risks. Testing conducted by Kela , a cyber intelligence platform, revealed alarming vulnerabilities and dangerous misuse cases. It wasnt just Kela that reported that DeepSeek is very easily Red Teamed for more infomation see my previous blogs.
DeepSeek has been shown to produce working ransomware code, complete with step-by-step instructions for distribution and deployment. It has provided detailed guides on creating a suicide drone. The AI also generated phishing programs to steal sensitive information like usernames, passwords, and credit card details, offering advice on maximizing their impact. In another concerning example, DeepSeek confidently fabricated tables of fake details about OpenAI employees, including emails, phone numbers, and salaries. Its…
