.png)
February 16, 2025
The Chinese AI application Deepseek is enjoying increasing popularity in the Apple and Google app stores. At the same time, however, security concerns are growing among authorities, data protection advocates, and cybersecurity experts. The focus of criticism is the handling of user data, the potential manipulation of the app for criminal purposes, and the question of access to this data by Chinese authorities.
Deepseek stores, according to its own statements, "keystroke patterns or rhythms". This procedure can be used to identify users. Experts from the German Federal Office for Information Security (BSI) point out that keystrokes within the app may also be recorded before they are sent. Storing the manner of keyboard input enables the creation of user profiles using artificial intelligence. The BSI considers this possibility to be problematic, at least for security-critical areas.
In comparison, the US competitor OpenAI claims not to actively search for personal data and not to use public data on the internet to create user profiles. However, the US Cloud Act obliges US companies to grant authorities access to data stored abroad.
Although the storage of input patterns by Deepseek is not equivalent to a keylogger, which records all keystrokes, an investigation by the US cybersecurity company Palo Alto Networks shows that Deepseek can be manipulated through targeted prompts, for example, to create scripts for extracting data from emails and Word documents. With further prompts, Deepseek was even able to produce keylogger code.
According to Palo Alto Networks, Deepseek lacks the security precautions of other AI models. The company's researchers were able to bypass existing protective mechanisms with little effort and generate malicious content. This process, known as "jailbreaking," highlights the application's security vulnerabilities.
Deepseek is obliged under Chinese law to store all data in the People's Republic of China. The Chinese National Intelligence Law also obliges the population and organizations to cooperate with the security authorities. This vaguely worded legal text is interpreted by many China observers as a right of access for the Chinese espionage apparatus to all data stored in China.
The data protection officer of Rhineland-Palatinate is preparing an audit procedure against Deepseek. Other German data protection supervisory authorities are expected to proceed in parallel. Since Deepseek has not appointed a legal representative in the EU, the company is already violating the EU General Data Protection Regulation. The Italian data protection authority GDDP already blacklisted Deepseek at the end of January.
German ministries, federal authorities, and large companies have taken comprehensive security precautions against cyberattacks, which also affect the use of artificial intelligence. For example, the Federal Ministry of the Interior has generally prohibited the use of external cloud services. Other ministries have issued similar regulations. Large companies like Wacker Chemie also protect their technology by prohibiting the use of Deepseek on company computers and devices. Some DAX companies only allow access to AI applications through the security gateways of their own systems to ensure the protection of company data.
Bibliographie: - t3n.de - t3n.de/news/deepseek-zensur-china-chat-gpt-rivale-1670488/ - t3n.de/news/ - t3n.de/tag/kuenstliche-intelligenz/ - itsicherheitnews.de/datenschuetzer-alarmiert-diese-risiken-birgt-die-beliebte-ki-app-deepseek/ - mdr.de/ratgeber/digitales/deepseek-zensur-106.html - t3n.de/tag/app-store/ - it-business.de/datenschutzrisiken-missbrauch-deepseek-ki-a-0081a94e5a31bfea6c0da97929696a89/ - t3n.de/tag/apps/