What is DeepSeek AI? Is it safe? Here's everything you need to know

Founded by Liang Wenfeng in May 2023 (and thus not even two years old), the Chinese startup has challenged established AI companies with its open-source approach. According to Forbes, DeepSeek's edge may lie in the fact that it is funded only by High-Flyer, a hedge fund also run by Wenfeng, which gives the company a funding model that supports fast growth and research. 

The startup made waves in January when it released the full version of R1, its open-source reasoning model that can outperform OpenAI's o1. Shortly after, App Store downloads of DeepSeek's AI assistant -- which runs V3, a model DeepSeek released in December -- topped ChatGPT, previously the most downloaded free app. DeepSeek R1 even climbed to the third spot overall on HuggingFace's Chatbot Arena, battling with several Gemini models and ChatGPT-4o; at the same time, DeepSeek released a promising new image model. 

Also: Perplexity lets you try DeepSeek R1 without the security risk

The company's ability to create successful models by strategically optimizing older chips -- a result of the export ban on US-made chips, including Nvidia -- and distributing query loads across models for efficiency is impressive by industry standards. 

Released in full on January 21, R1 is DeepSeek's flagship reasoning model, which performs at or above OpenAI's lauded o1 model on several math, coding, and reasoning benchmarks. 

Built on V3 and based on Alibaba's Qwen and Meta's Llama, what makes R1 interesting is that, unlike most other top models from tech giants, it's open source, meaning anyone can download and use it. That said, DeepSeek has not disclosed R1's training dataset. So far, all other models it has released are also open source. 

Also: I tested DeepSeek's R1 and V3 coding skills - and we're not all doomed (yet)

DeepSeek is cheaper than comparable US models. For reference, R1 API access starts at $0.14 for a million tokens, a fraction of the $7.50 that OpenAI charges for the equivalent tier. 

DeepSeek claims in a company research paper that its V3 model, which can be compared to a standard chatbot model like Claude, cost $5.6 million to train, a number that's circulated (and disputed) as the entire development cost of the model. Reuters reported that some lab experts believe DeepSeek's paper only refers to the final training run for V3, not its entire development cost (which would be a fraction of what tech giants have spent to build competitive models). Other experts suggest DeepSeek's costs don't include earlier infrastructure, R&D, data, and personnel costs.

One drawback that could impact the model's long-term competition with o1 and US-made alternatives is censorship. Chinese models often include blocks on certain subject matter, meaning that while they function comparably to other models, they may not answer some queries (see how DeepSeek's AI assistant responds to questions about Tiananmen Square and Taiwan here). As DeepSeek use increases, some are concerned its models' stringent Chinese guardrails and systemic biases could be embedded across all kinds of infrastructure. 

However, you can access uncensored, US-based versions of DeepSeek through platforms like Perplexity. These platforms have removed DeepSeek's censorship weights and run the model on local servers to avoid security concerns. 

Also: Is DeepSeek's new image model another win for cheaper AI?

In December, ZDNET's Tiernan Ray compared R1-Lite's ability to explain its chain of thought to that of o1, and the results were mixed. That said, DeepSeek's AI assistant reveals its train of thought to the user during queries, a novel experience for many chatbot users given that ChatGPT does not externalize its reasoning. 

Of course, all popular models come with red-teaming backgrounds, community guidelines, and content guardrails. However, at this stage, US-made chatbots are unlikely to refrain from answering queries about historical events. 

Data privacy worries that circulated on TikTok, the Chinese-owned social media app now somewhat banned in the US, are also cropping up around DeepSeek. 

Earlier this month, Feroot Security CEO Ivan Tsarynny told ABC that his firm had discovered "direct links to servers and to companies in China that are under the control of the Chinese government," which he said they "have never seen in the past."

Also: ChatGPT's Deep Research identified 20 jobs it will replace. Is yours on the list?

After decrypting some of DeepSeek's code, Feroot found hidden programming that can send user data, including identifying information, queries, and online activity, to China Mobile, a Chinese government-operated telecom company banned from operating in the US since 2019 due to national security concerns.

NowSecure recommended that organizations "forbid" the use of DeepSeek's mobile app after finding several flaws including unencrypted data (meaning anyone monitoring traffic can intercept it) and poor data storage.

Last week, research firm Wiz discovered that an internal DeepSeek database was publicly accessible "within minutes" of conducting a security check. The "completely open and unauthenticated" database contained chat histories, user API keys, and sensitive data.

Also: Why rebooting your phone daily is your best defense against zero-click hackers

"More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world," Wiz's report explained.

According to Wired, which initially published the research, though Wiz did not receive a response from DeepSeek, the database appeared to be taken down within 30 minutes of Wiz notifying the company. It's unclear how long it was accessible or if any other entity discovered the database before it was taken down. 

Even without this alarming development, DeepSeek's privacy policy raises some red flags. It states: "The personal information we collect from you may be stored on a server located outside the country where you live. We store the information we collect in secure servers located in the People's Republic of China."

Also: 'Humanity's Last Exam' benchmark is stumping top AI models - can you do any better?

The policy outlines that DeepSeek collects plenty of information, including but not limited to:

• IP address, unique device identifiers, and cookies
• Date of birth (where applicable), username, email address and/or telephone number, and password
• Your text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and services
• Proof of identity or age, feedback, or inquiries about your use of the Service [If you contact DeepSeek]

The policy continues: "Where we transfer any personal information out of the country where you live, including for one or more of the purposes as set out in this Policy, we will do so in accordance with the requirements of applicable data protection laws." The policy does not mention GDPR compliance.

Also: Apple researchers reveal the secret sauce behind DeepSeek AI

"Users need to be aware that any data shared with the platform could be subject to government access under China's cybersecurity laws, which mandate that companies provide access to data upon request by authorities," Adrianus Warmenhoven, a member of NordVPN's security advisory board, told ZDNET via email.

According to some observers, R1's open-source nature means increased transparency, allowing users to inspect the model's source code for signs of privacy-related activity. 

DeepSeek has also released smaller versions of R1, which can be downloaded and run locally to avoid any concerns about data being sent back to the company (as opposed to accessing the chatbot online). 

Also: ChatGPT privacy tips: Two important ways to limit the data you share with OpenAI

All chatbots, including ChatGPT, collect some degree of user data when queried via the browser. 

AI safety researchers have long been concerned that powerful open-source models could be applied in dangerous and unregulated ways once out in the wild. Tests by AI safety firm Chatterbox found DeepSeek R1 has "safety issues across the board". 

To varying degrees, US AI companies employ safety-oversight teams. DeepSeek has not publicized whether it has a safety research team, and has not responded to ZDNET's request for comment on the matter.

Also: We're losing the battle against complexity, and AI may or may not help

"Most companies will keep racing to build the strongest AI they can, irrespective of the risks, and will see enhanced algorithmic efficiency as a way to achieve higher performance faster," said Peter Slattery, a researcher on MIT's FutureTech team who led its Risk Repository project. "That leaves us even less time to address the safety, governance, and societal challenges that will come with increasingly advanced AI systems."

"DeepSeek's breakthrough in training efficiency also means we should soon expect to see a large number of local, specialized 'wrappers' -- apps built on top of DeepSeek R1 engine -- which will each introduce their own privacy risks, and which could each be misused if they fell into the wrong hands," added Ryan Fedasiuk, director of US AI governance at The Future Society, an AI policy nonprofit. 

Some analysts note that DeepSeek's lower-lift compute model is more energy efficient than that of US-built AI giants. 

"DeepSeek's new AI model likely does use less energy to train and run than larger competitors' models," said Slattery. "However, I doubt this marks the start of a long-term trend in lower energy consumption. AI's power stems from data, algorithms, and compute -- which rely on ever-improving chips. When developers have previously found ways to be more efficient, they have typically reinvested those gains into making even bigger, more powerful models, rather than reducing overall energy usage."

Also: $450 and 19 hours is all it takes to rival OpenAI's o1-preview

"DeepSeek isn't the only AI company that has made extraordinary gains in computational efficiency. In recent months, US-based Anthropic and Google Gemini have boasted similar performance improvements," Fedasiuk said. 

"DeepSeek's achievements are remarkable in that they seem to have independently engineered breakthroughs that promise to make large language models much more efficient and less expensive, sooner than many industry professionals were expecting -- but in a field as dynamic as AI, it's hard to predict just how long the company will be able to bask in the limelight." 

R1's success highlights a sea change in AI that could empower smaller labs and researchers to create competitive models and diversify options. For example, organizations without the funding or staff of OpenAI can download R1 and fine-tune it to compete with models like o1. Just before R1's release, researchers at UC Berkeley created an open-source model on par with o1-preview, an early version of o1, in just 19 hours and for roughly $450. 

Given how exorbitant AI investment has become, many experts speculate that this development could burst the AI bubble (the stock market certainly panicked). Some see DeepSeek's success as debunking the thought that cutting-edge development means big models and spending. It also casts Stargate, a $500 billion infrastructure initiative spearheaded by several AI giants, in a new light, creating speculation around whether competitive AI requires the energy and scale of the initiative's proposed data centers. 

Also: Anthropic offers $20,000 to whoever can jailbreak its new AI safety system

DeepSeek's ascent comes at a critical time for Chinese-American tech relations. Ironically, DeepSeek lays out in plain language the fodder for security concerns that the US struggled to prove about TikTok in its prolonged effort to enact a ban. 

Several US agencies, including NASA and the Navy, have banned DeepSeek on employees' government-issued tech, and lawmakers are trying to ban the app from all government devices, which Australia and Taiwan have already implemented. 

On March 7, the Wall Street Journal reported that the Trump administration is moving more definitively towards blanket-banning DeepSeek on all government devices, citing national security concerns. Other potential but still farther-off moves include removing DeepSeek from app stores in the US and limiting how cloud providers offer the startup's AI models. 

South Korea has banned new downloads of the DeepSeek app due to the company's recent failure to comply with local data protections, and Italy is investigating the company for concerns over GDPR compliance.