The United States is taking a firm stance against potential cybersecurity threats from artificial intelligence (AI) applications with direct ties to foreign adversaries. On 6 February 2025, US Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) introduced the bipartisan No DeepSeek on Government Devices Act, which seeks to prohibit federal employees from using the AI-powered application DeepSeek on government-issued devices.
See: https://redskyalliance.org/xindustry/deepseek-or-deepfake
The move comes amid growing concerns that DeepSeek's generative AI capabilities pose a national security risk due to its direct links to the Chinese Communist Party (CCP) and China Mobile, a Chinese government-owned entity already banned by the US Federal Communications Commission (FCC) for security concerns.
The proposed legislation follows new research findings indicating that DeepSeek can share user data with China Mobile, which has close ties to the Chinese military. The press release announcing the bill states, "Americans are sharing highly sensitive, proprietary information with DeepSeek contracts, documents, and financial records. In the wrong hands, this data is an enormous asset to the CCP."
Congressman Gottheimer underscored the urgency of the issue, stating: "The Chinese Communist Party has made it abundantly clear that it will exploit any tool at its disposal to undermine our national security, spew harmful disinformation, and collect data on Americans. Now, we have alarming evidence that they are using DeepSeek to steal the sensitive data of US citizens. This is a five-alarm national security fire."
Representative LaHood echoed these concerns: "The national security threat that DeepSeek, a CCP-affiliated company, poses to the United States is alarming. DeepSeek's generative AI program acquires US users' data and stores the information for unidentified use by the CCP. Under no circumstances can we allow a CCP company to obtain sensitive government or personal data."
Cybersecurity professionals have validated these concerns, pointing to the direct threats DeepSeek poses and the broader risks associated with foreign-controlled AI applications. Dave Gerry, CEO at Bugcrowd, remarked, "Scrutiny of DeepSeek appears warranted given the likely connections back to the CCP, continued concerns around data privacy and leakage, and a recent security incident." He further noted that government and corporate leaders should consider temporarily removing access while additional reviews are conducted.
According to Satyam Sinha, CEO and Co-Founder at Acuvity, this issue goes beyond DeepSeek and is a more significant problem with AI applications originating from adversarial nations. "For the US government, espionage is a daily challenge, and exposing workers to GenAI services such as DeepSeek, which clearly states that data will reside in China and be used to improve the models and services, is an obvious risk," he said.
Sinha further warned that GenAI services are under constant cyberattack, making them susceptible to credential theft and data exfiltration. He called for a more comprehensive strategy, arguing that "what we should be thinking about is the overall categories of risk, rather than just banning one trending AI service at a time."
Similarly, Stephen Kowski, Field CTO at SlashNext Email Security+, pointed to specific security flaws within DeepSeek that nation-states and cybercriminals could exploit. He cited "hidden code capable of transmitting login credentials to China Mobile servers" as a particularly troubling discovery. Kowski also noted that several other nations, including Australia, Italy, Taiwan, and South Korea, have already implemented bans on DeepSeek, demonstrating the global recognition of its security risks.
The No DeepSeek on Government Devices Act will likely gain bipartisan support, given the similar scrutiny faced by TikTok and Huawei in recent years. However, cybersecurity professionals warn that a broader, more proactive security framework is needed to address AI threats holistically rather than react to one application at a time.
Sinha suggested that the US government implement stronger cybersecurity measures for all GenAI applications, stating, "By moderating the information that is initially shared, we can reduce the risk associated with GenAI applications, whether those risks stem from intended design or cyberattacks."
As AI evolves, the intersection of national security, data privacy, and emerging technology will remain critical. Whether or not the No DeepSeek on Government Devices Act becomes law, government and industry leaders must develop more robust strategies to protect against AI-powered cyber threats.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
Comments