Will DeepSeek force us to take application security seriously?

The rise of DeepSeek has prompted the usual well-documented concerns around AI, but also raised worries about its potential links to the Chinese state. The Security Think Tank considers the steps security leaders can take to counter threats posed by nation-state industrial espionage.

By

  • Mike Gillespie and Ellie Hurst

Published: 24 Mar 2025

DeepSeek, the Chinese chatbot launched in January 2025, has made waves throughout the tech and security world. With over 10 million downloads, its rapid adoption raises an important question: How much of this was driven by genuine interest, and how much was merely curiosity, without fully understanding the implications? Could this widespread use be quietly introducing Chinese source code into corporate networks?

The initial outrage surrounding DeepSeek wasn’t just about its capabilities, it was about its cost. The software shocked the market by delivering high-level mathematics, coding, and reasoning skills comparable to ChatGPT and other top-tier AI models, but at a fraction of the cost and with significantly fewer resources.

What can CISOs do? The answer is simple: what they should already be doing when introducing any new software, hardware, or AI. The core of cyber security remains the same – raising awareness, educating employees, and implementing basic security measures. But with Chinese technology already deeply embedded in government, critical infrastructure, and businesses, are we trying to fix a leak after the dam has already burst? The reality is, we lack the time, skills, and resources to untangle the extent of Chinese tech in our systems.

So what makes DeepSeek different? Is it really a unique risk, or is the media frenzy simply reminding us of the security concerns we’ve been aware of all along? After all, businesses have long been integrating technology from multiple nation states – including Russia – without fully questioning the long-term consequences. Only now are we stepping back to ask: Was this a good idea?

A knee-jerk, unilateral response from security leaders – while well-intentioned – fails to account for the deeply interconnected nature of modern business ecosystems. Practical security steps, such as risk assessments, network segregation, vendor due diligence, and access controls, should already be standard practice. But these measures should never be reactive; they should be part of an ongoing conversation before any new technology is introduced.

Consider the compromised federal phone system during the Obama administration. A lack of due diligence meant officials believed they were purchasing an American-built system – only to later discover it had been assembled in the US from Chinese components. The lesson? Due diligence matters, and it costs money.

If security is a priority, then we must be willing to invest in it – not just in tools and technology, but in continuous education and awareness. The question isn’t whether DeepSeek is a risk. The real question is: Are we finally ready to take security seriously?
