DeepSeek data risk is spreading inside Western companies. Employees in the US and UK increasingly turn to Chinese-built GenAI tools such as DeepSeek and Moonshot Kimi without security approval. These platforms reveal little about where they store input or how they reuse it. That opacity fuels fears of surveillance, IP theft, and corporate espionage.
Harmonic Security’s 30-Day Study
Cybersecurity firm Harmonic Security tracked 14,000 users across several firms for one month. The team found that 1 in 12 employees sent data to Chinese GenAI apps. Each company uploaded an average of 1.2 MB of text—plenty for code snippets or internal docs.
“All data submitted should be considered property of the Chinese Communist Party,” warned CEO Alastair Paterson.
What Data Is Leaking?
Analysts logged 535 sensitive leaks among 1,059 GenAI users. DeepSeek caused 85 % of incidents. The leaked content broke down as:
- Code and dev artifacts: 33 %
- M&A data: 18.2 %
- PII: 17.8 %
- Financial records: 14.4 %
- Customer data: 12.0 %
- Legal documents: 4.9 %
Developers lead the trend, pasting source code, API keys, and system details into foreign models to speed up tasks.
Why Staff Still Choose Chinese GenAI
Chinese tools often outperform US rivals on certain tasks. That edge keeps users coming back, even when companies try to block access. Hard bans rarely work; employees bypass controls with personal devices or web proxies.
Rising Government Pushback
Lawmakers are reacting. A bipartisan US bill aims to bar federal agencies from Chinese AI models. Germany pulled DeepSeek from app stores, and Australia and Italy banned it on government devices. Taiwan followed suit this month.
Conclusion
DeepSeek’s performance tempts workers, yet the DeepSeek data risk is real. Invisible uploads hand foreign servers the keys to codebases, customer files, and strategic plans. Security teams must move beyond blanket blocks. Clear policies, tight monitoring, and frank user education are the best defense against the quiet creep of unsanctioned Chinese GenAI.
0 responses to “DeepSeek Data Risk Hits Enterprise Networks”