Dive Brief:

• Two members of the House Intelligence Committee on Monday urged governors across the country to ban the use of Chinese tech startup DeepSeek’s app on state government devices.
• In a joint letter, Reps. Josh Gottheimer (D-N.J.) and Darin LaHood (R-Il.) said DeepSeek’s artificial intelligence chatbot has raised “serious” data privacy and cybersecurity concerns, with recent research revealing that its code is directly linked to the Chinese government.
• “By using DeepSeek, users are unknowingly sharing highly sensitive, proprietary information with the CCP [Chinese Communist Party] — such as contracts, documents and financial records,” the lawmakers wrote. “In the wrong hands, this data is an enormous asset to the CCP, a known foreign adversary.” 

Dive Insight:

DeepSeek’s potential ties to the Chinese government are prompting growing alarms in the U.S. and other countries.

The startup’s terms of service state that user data is stored on servers in China and governed under Chinese law, which mandates cooperation with the country’s intelligence agencies.

Hidden within the app’s code is a built-in feature that allows it to send user data directly to the Chinese government, according to an ABC News report that was cited in the letter from Gottheimer and LaHood.

The letter was sent to 47 governors and Washington, D.C. Mayor Muriel Bowser, a LaHood spokesman told CFO Dive. Texas, Virginia, and New York have already banned the app from state-issued devices. 

In early February, Gottheimer and LaHood introduced a bill (H.R. 1121) to prohibit the use of DeepSeek’s product on federal devices. Similar legislation (S. 765) was introduced last week by a bipartisan group of senators.

Meanwhile, parts of the federal government, including the Pentagon and National Aeronautics and Space Administration, have already banned DeepSeek’s app, according to a roundup published by law firm Covington and Burling. Foreign governments that have banned it include South Korea, Taiwan and Italy, according to a BBC report.

DeepSeek rattled the tech industry earlier this year after the startup released an open-source AI model, known as R1, that it claimed was built at a low cost compared with U.S. rivals like ChatGPT. In late January, Nvidia posted a record market-cap loss as tech stocks were dumped by investors worried that DeepSeek might pose a threat to the dominance of AI leaders, Reuters reported.

Nvidia, Microsoft and Amazon Web Services are among tech giants that rushed to adopt DeepSeek’s open-source model after its sudden rise.

“Given the significant cost savings of starting with a model like DeepSeek, as opposed to companies having to pay for usage of solutions like OpenAI or Anthrophic, I expect other tech companies to continue to follow suit in that deployment model unless there is a wider ban at the federal level,” Mariano Nunez, CEO of cybersecurity firm Onapsis, said via email.

While embracing DeepSeek, major U.S. tech companies have rolled out their own versions with security assurances.

“If a company is accessing DeepSeek’s R1 model hosted at a cloud provider like Microsoft or AWS via an API [application programming interface], the risks are different from using the online version of the model hosted by DeepSeek itself,” Nunez said. “The company can decide that the data stays within the infrastructure of the cloud provider, rather than being sent automatically to DeepSeek’s servers in China.”

However, he said it’s still crucial when using any tool characterized as a safe R1 model to review the vendor’s policies, including whether it has any contractual data-sharing agreements with DeepSeek. In addition, he said companies should always implement their own privacy safeguards to ensure sensitive information is not inadvertently exposed.

A DeepSeek spokesperson could not immediately be reached for comment.