Artificial intelligence continues to reshape industries, and DeepSeek has emerged as a major player in the AI race. The model’s rapid rise to fame — becoming the most-downloaded free app on the U.S. iOS App Store and surpassing competitors like ChatGPT — is a testament to its appeal. By achieving advanced AI capabilities at a fraction of the cost of its competitors, DeepSeek has captured the interest of enterprises and startups alike.
However, DeepSeek’s success has also sparked concerns. U.S. lawmakers have raised national security and data privacy issues, leading to the introduction of the No DeepSeek on Government Devices Act to ban the app from federal devices. The controversy surrounding DeepSeek highlights a growing tension: how can enterprises take advantage of cost-efficient AI while ensuring data security and compliance with evolving global regulations?
DeepSeek’s Appeal
DeepSeek’s biggest draw is its cost-efficient, open-weight model, which significantly reduces AI deployment expenses. Unlike proprietary AI models, DeepSeek allows businesses to train and fine-tune models at a much lower cost. The company trained its model for just under $6 million—a stark contrast to the billions spent by U.S. tech giants.
This affordability has made DeepSeek attractive for certain enterprise use cases, particularly in coding assistants, internal knowledge exploration, and processing sensitive data in airtight environments (where no data exits company premises). Startups and academia are also leveraging the technology due to its accessibility and flexibility.
The Security Risks of DeepSeek
While DeepSeek presents similar security risks as other generative AI models, such as biases, hallucinations, and potential copyright infringements, it introduces unique concerns tied to its Chinese data centers. A few prominent risks include:
Data transparency and compliance risks: DeepSeek does not disclose its training data, making it difficult to assess potential biases or data rights issues. U.S. and European enterprises must consider regulatory compliance risks when handling sensitive data with an AI model hosted in China.
Code and security vulnerabilities: All AI-generated code must be tested for security, suitability, and IP protection, ensuring it does not include open-source components with restrictive licenses that could compromise proprietary rights. For DeepSeek specifically, its undisclosed training data raises concerns that it may replicate coding patterns with inherent security vulnerabilities.
Data storage and government access risks: DeepSeek stores user data in China, raising concerns about government intervention. Chinese data center providers must comply with local laws, which could allow authorities to access stored information. This concern has fueled calls for tighter AI regulations and influenced the decision to ban DeepSeek from U.S. government devices.
Mitigating Risks: AI Governance and Compliance Best Practices
Enterprises looking to integrate DeepSeek, or any AI model, must implement a responsible AI framework to ensure security, privacy, and compliance. Elements of this framework include:
Self-hosting AI models: Running DeepSeek in a closed environment to prevent external data access.
Using synthetic data or strong anonymization protocol: Deploying advanced synthetic data generation tools to simulate real datasets without exposing sensitive information or anonymizing data.
Implementing strict AI governance: Establishing internal policies to oversee AI model use, security testing, and compliance with international regulations.
Should Enterprises Build Their Own AI Models Instead?
One alternative to using DeepSeek’s API is for enterprises to develop their own AI models based on DeepSeek’s techniques. Given its open-weight nature, companies with the expertise to fine-tune AI models may opt for a self-hosted approach that eliminates risks tied to third-party data storage. By taking control of the AI development process, organizations can reduce their dependence on external providers and mitigate concerns related to data privacy and security.
This approach may also help enterprises increase compliance, as it allows businesses to fully control the AI training and inference process, ensuring that sensitive data remains within their own infrastructure. Additionally, developing an in-house model enables organizations to tailor AI capabilities to their specific needs, optimizing performance while maintaining strict security protocols.
Seeking Alternatives to Safehouse Data
AI innovation must not come at the expense of security. DeepSeek’s rise reflects the demand for affordable, high-performance AI, but enterprises must carefully weigh the risks. The model’s China-based data storage, undisclosed training data, and potential security vulnerabilities introduce compliance challenges that businesses cannot ignore.
In 2024 alone, the use of generative AI among enterprises increased by 71%. As the adoption of this technology accelerates, companies must prioritize cybersecurity strategies that include robust security frameworks, regulatory alignment, and ethical AI practices to harness the benefits of AI while mitigating risks.
Businesses that proactively address these risks will be best positioned to leverage AI safely and effectively in a rapidly evolving technology and regulatory landscape.
About the Author
Alix Melchy is the VP of AI at Jumio, where he leads teams of machine learning engineers across the globe with a focus on computer vision, natural language processing and statistical modeling. An experienced AI leader, Melchy has a passion for turning AI-innovation into enterprise-grade AI systems, fostering the responsible practice of AI and shaping a secure digital landscape.
Alix can be reached on LinkedIn and at his company’s website https://www.jumio.com/
