If your business is using DeepSeek, or is thinking about adding it or any other AI-powered chatbot in the near future, then beware: you could be opening the gates to costly and potentially catastrophic cyberattacks.
The Rise of DeepSeek
Let’s start with DeepSeek. When its new reasoning model, R1, was unveiled in January 2025, it was hailed as a game-changer for the AI industry. Investors were so dazzled that many competitors saw historic drops in their share prices, led by AI-chip leader Nvidia, which lost nearly $600 billion US in market value in a single day. The sell-off was rooted in the claim that DeepSeek’s model can operate far more efficiently than rivals such as ChatGPT and Gemini.
Security Concerns
However, DeepSeek’s self-proclaimed technological triumph proved short-lived, at least with respect to the security of its iOS app (and probably its Android app, as discussed further below).
Specifically, on February 6, 2025, mobile app security vendor NowSecure published the findings of a comprehensive analysis that identified several security and privacy risks in DeepSeek’s iOS app. These include:
- Unencrypted data transmission: The app sends sensitive data over the internet without encryption, leaving it open to interception and manipulation by anyone on the network path.
- Weak and hardcoded encryption keys: The app’s cryptography violates three basic rules. It uses the outdated Triple DES (3DES) cipher, it reuses initialization vectors (IVs), and it hardcodes the encryption keys in the app itself, so they can be recovered from the app binary.
- Insecure data storage: The app stores the username, password, and encryption keys insecurely on the device, which increases the risk of credential theft.
- Extensive data collection: The app collects user and device data that could be used by cybercriminals to fingerprint and track users.
- Disabled iOS privacy controls: The app globally disables App Transport Security (ATS), Apple’s mechanism for enforcing encrypted connections, and ships without the privacy manifest Apple now requires, which makes users more vulnerable to tracking and fingerprinting.
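As an added example (it is not part of NowSecure’s report or of this article’s original text), the following Python script performs the kind of static checks an app security reviewer would run against an unpacked iOS bundle to confirm three of the findings above: ATS disabled in Info.plist, a missing PrivacyInfo.xcprivacy manifest, and cleartext URLs, legacy algorithm names and hardcoded-key candidates in the binary’s extracted strings. The Info.plist, file listing and strings below are constructed sample inputs and do not come from the DeepSeek app; the hex-constant and algorithm-name checks are heuristics that produce candidates for manual review, not proof of a vulnerability.

```python
"""Static checks for an unpacked iOS app bundle: ATS disabled, privacy
manifest missing, legacy algorithm names and hardcoded-key candidates.
Added example; every sample input below is constructed, not real app data."""
import plistlib
import re

# --- Constructed sample inputs (not from any real app) -------------------

# Info.plist with App Transport Security (ATS) disabled globally and an
# explicit cleartext-HTTP exception for one host.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.example.chatbot</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>api.example.test</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

# File listing of the .app directory; note there is no PrivacyInfo.xcprivacy.
SAMPLE_BUNDLE_FILES = [
    "Info.plist",
    "Chatbot",
    "Assets.car",
    "Frameworks/Analytics.framework/Analytics",
]

# Output of `strings` on the main binary. The 48-hex-char value is a
# made-up 24-byte (3DES-sized) constant, not a real key.
SAMPLE_STRINGS = [
    "http://api.example.test/v1/chat",
    "cipher=3DES-CBC",
    "0123456789abcdef0123456789abcdef0123456789abcdef",
    "Welcome back",
]

# Hex runs sized like symmetric keys: 16, 24 or 32 bytes (longest first).
HEX_KEY_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{48}|[0-9a-fA-F]{32})\b")
KEY_SIZE_LABELS = {32: "16-byte", 48: "24-byte (3DES-sized)", 64: "32-byte"}
# Algorithm names that should not appear in a modern app.
LEGACY_CRYPTO_RE = re.compile(r"\b(?:3DES|TripleDES|DESede|DES|RC4|MD5)\b", re.IGNORECASE)


def audit_ats(plist_bytes: bytes) -> list[str]:
    """Flag ATS settings in Info.plist that permit cleartext HTTP."""
    findings = []
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("ATS disabled globally (NSAllowsArbitraryLoads=true): "
                        "cleartext HTTP allowed to any host")
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"ATS exception permits cleartext HTTP to {domain}")
    return findings


def audit_privacy_manifest(bundle_files: list[str]) -> list[str]:
    """Apple requires a PrivacyInfo.xcprivacy manifest in the app bundle."""
    if any(path.endswith("PrivacyInfo.xcprivacy") for path in bundle_files):
        return []
    return ["No PrivacyInfo.xcprivacy in bundle: required privacy manifest is missing"]


def audit_binary_strings(strings: list[str]) -> list[str]:
    """Heuristic scan of extracted strings for cleartext URLs, legacy
    algorithm names and hex constants sized like symmetric keys."""
    findings = []
    for s in strings:
        if s.startswith("http://"):
            findings.append(f"cleartext URL: {s}")
        for m in LEGACY_CRYPTO_RE.finditer(s):
            findings.append(f"legacy algorithm reference '{m.group()}' in: {s}")
        for m in HEX_KEY_RE.finditer(s):
            label = KEY_SIZE_LABELS[len(m.group())]
            findings.append(f"possible hardcoded {label} key: {m.group()[:8]}...")
    return findings


def audit_bundle(plist_bytes: bytes, bundle_files: list[str],
                 strings: list[str]) -> dict[str, list[str]]:
    """Run all checks and group the findings by category."""
    return {
        "transport": audit_ats(plist_bytes),
        "privacy_manifest": audit_privacy_manifest(bundle_files),
        "binary": audit_binary_strings(strings),
    }


if __name__ == "__main__":
    report = audit_bundle(SAMPLE_INFO_PLIST, SAMPLE_BUNDLE_FILES, SAMPLE_STRINGS)
    for category, findings in report.items():
        print(f"[{category}]")
        for finding in findings or ["no findings"]:
            print("  -", finding)
```

On a real review you would feed `audit_bundle` the Info.plist from the unzipped IPA, a recursive listing of the `.app` directory, and the output of `strings` on the main Mach-O binary; a hex hit only tells you where to look in a disassembler, since confirming that a constant is actually passed to a cipher as its key still requires reading the code.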
In addition, app users may be unaware that the data they transmit is sent to servers controlled by ByteDance, the Chinese company that owns TikTok. This raises concerns about data governance under Chinese jurisdiction, which permits practices, such as warrantless surveillance, that are banned in other parts of the world.
What You Should Do
If your organization currently uses DeepSeek for iOS, NowSecure urges you to stop immediately and remove the app. Instead, look for an alternative that offers similar functionality but provides much better security, privacy, and data governance practices.
If dropping DeepSeek for iOS is not an option, consider running an open-source model through a hosted solution, or deploying a self-hosted model under your own control.
What About DeepSeek for Android?
Since the warning focuses on DeepSeek for iOS, does that mean DeepSeek for Android is safe? Unfortunately, the answer is (probably) no. NowSecure founder Andrew Hoog has said that while his research team has not yet completed its analysis of DeepSeek for Android, he believes its basic design will likely be functionally similar to the iOS version. If so, most or all of the same weaknesses found in DeepSeek for iOS are present in DeepSeek for Android.
What About Other AI-Powered Chatbots?
The global AI-powered chatbot market was estimated at USD 7.76 billion in 2024 and is expected to grow at a compound annual growth rate (CAGR) of 23.3% from 2025 to 2030. That means many more products will be released in the months and years ahead. While we hope not all of them will have the same weaknesses as DeepSeek, the fact is that vendors often treat early adopters as unpaid beta testers. Is this ethical? No. Is it common? Unfortunately, yes.
As such, our advice is to resist downloading and installing the alleged “next big AI-powered chatbot” the moment it appears. Instead, wait for researchers to do some digging and analysis. It is far better for them to discover flaws than for users to encounter them, or worse, to learn about them only after their data or identity has been stolen. Sometimes it doesn’t pay to be first in line; a wait-and-see approach can be much wiser and far less stressful.
Get Advice and Support from SRSS Technology
If you are using DeepSeek for iOS (or want to add it to your environment), contact SRSS Technology today. We will help you protect yourself by running an open-source model through a hosted solution, or by deploying a self-hosted model.
Alternatively, we can help you evaluate and choose a different AI-powered chatbot, one that is secure and also works as an efficient, reliable business communication tool. We are “vendor agnostic,” which means we have no allegiance to any specific vendor or product. Our only focus is on what is best for our clients.