Concerns Mount Over Data Security of Chinese AI Platform

Countries throughout Asia are swiftly enacting bans on the use of DeepSeek’s open-source chatbot among government officials and critical infrastructure organizations. This move stems from growing apprehensions regarding data security and privacy vulnerabilities associated with the AI platform, which is developed by a Chinese company.
The recently proposed bans mirror earlier actions taken by several U.S. government entities and European countries, all of which cite fears that DeepSeek-R1, the reasoning application, collects and stores users’ personal data and prompts in China. The application has also proven susceptible to jailbreaking and denial-of-service attacks, further heightening security concerns.
In an initial response, Taiwan’s Ministry of Digital Affairs issued a directive on Friday prohibiting the use of DeepSeek AI’s chatbot by personnel at government agencies, critical infrastructure facilities, public schools, and organizations receiving government funding. The ministry emphasized its position, stating the application is a product of China, raising risks related to cross-border data transmission and information leaks that could compromise national security.
Following suit, the Australian government declared earlier this week that the Chinese AI chatbot presents “an unacceptable risk” to national security. Recent reports indicate that the application has been banned from federal government computers and mobile devices, a precaution in line with similar actions taken in regions such as New South Wales and South Australia.
The urgency surrounding these bans is reinforced by findings from security experts at CyberCX, who assert that DeepSeek AI collects user data from devices and retains it in China. Their analysis indicates that the app is biased, often producing outputs that reflect narratives aligned with the Chinese Communist Party, which raises critical implications for both security and information integrity.
The MITRE ATT&CK framework offers a way to analyze the adversary tactics relevant to these threats. Methods such as initial access, data collection, and even exploitation techniques may bear on the vulnerabilities of DeepSeek’s chatbot, as organizations have expressed concern over unauthorized data access and misuse.
Security analysts also warn that DeepSeek’s AI models may not adequately protect user safety, as they have shown a tendency to produce harmful outputs related to racial discrimination and other hazardous topics when manipulated with leading questions. Notably, recent demonstrations by Palo Alto Networks highlighted vulnerabilities within DeepSeek’s models, which could be jailbroken into generating instructions for various forms of cyberattack.
In light of these revelations, the South Korean Ministry of Industry has implemented a ban on government access to DeepSeek’s chatbot, advising caution among government employees when using generative AI services. Similarly, the Armed Forces of the Philippines has indicated readiness to swiftly respond should a nationwide ban on DeepSeek be instituted, ensuring the protection of critical infrastructure and systems.
Scrutiny of DeepSeek AI’s data security has intensified following a recent incident in which security researchers uncovered exposed databases allowing public access to sensitive data, including chat histories and operational details. Moreover, shortly after DeepSeek’s global launch on January 20, the Italian Data Protection Authority initiated an inquiry into the company’s data storage and processing policies, aiming to assess potential risks to the personal information of millions of citizens.
As cybersecurity concerns continue to escalate around DeepSeek AI, it remains imperative for organizations, especially those involved in critical infrastructure, to consider restricting access to applications whose data management practices may compromise security. Doing so not only safeguards sensitive information but also fortifies defense against the evolving landscape of cyber threats.