Security Concerns Raised Over DeepSeek's Connection to Chinese State-Owned Telecom

Uncovering a Potential Security Risk

A recent security analysis has revealed that DeepSeek, a rapidly growing Chinese artificial intelligence (AI) company, may have direct links to China Mobile, a state-owned telecommunications provider. The concern arises from computer code embedded within DeepSeek’s website, which appears to connect user login processes to China Mobile’s infrastructure.

According to cybersecurity researchers, the web-based login page of DeepSeek’s chatbot contains obfuscated script that, when decoded, shows connections to China Mobile. While DeepSeek has acknowledged storing user data within China in its privacy policy, this discovery suggests a more direct potential data link between the AI chatbot and the Chinese state.

China Mobile has long been a subject of U.S. national security scrutiny, with allegations of close ties to the Chinese military leading to sanctions and operational restrictions. Neither DeepSeek nor China Mobile has responded to inquiries regarding this revelation.

Deepening National Security Concerns

The growth of Chinese-controlled digital services has become a pressing concern for U.S. officials. The situation with DeepSeek mirrors previous national security debates surrounding TikTok, which faced bipartisan calls for a forced divestment from its Chinese parent company due to fears over potential data surveillance and influence operations.

DeepSeek’s rapid rise to prominence—topping app store downloads in the U.S.—has led to increasing scrutiny over how user data is managed and whether it is accessible to Chinese authorities. Security experts warn that generative AI systems pose a heightened risk, as users often enter sensitive personal and business information, which could be leveraged for intelligence gathering.

Independent Confirmation of Security Risks

The Canadian cybersecurity firm Feroot Security initially identified the China Mobile-linked code and shared its findings with The Associated Press (AP). To validate these findings, the AP consulted independent cybersecurity experts from the University of Calgary and the University of California, Berkeley, who confirmed that DeepSeek’s login system contains links to China Mobile’s authentication infrastructure.

While researchers did not observe data being transmitted to China Mobile during their testing, they emphasized that such transmissions may be active for certain users or specific login methods.

A Growing Pattern of Chinese Tech Scrutiny

DeepSeek’s connections to China Mobile have reignited concerns over foreign AI influence and data security. The U.S. Federal Communications Commission (FCC) banned China Mobile from operating in the U.S. in 2019, citing substantial security risks, and in 2021, the Biden administration imposed additional sanctions, restricting American investments in the company.

Security experts argue that the risks associated with DeepSeek may be even greater than those posed by TikTok, given that users interact with AI models in deeply personal and professional ways, potentially exposing sensitive data.

How DeepSeek’s Web Code Could Be Exploited

Feroot’s analysis found that DeepSeek’s web-based login triggers a fingerprinting process, which collects detailed device information. This technique is commonly used for security, verification, and advertising, but in DeepSeek’s case, it could facilitate tracking and data collection by Chinese authorities.

The security risks associated with AI-driven services extend beyond privacy concerns, as nation-state actors increasingly weaponize AI for cyber operations. Governments worldwide are moving to regulate AI companies to prevent foreign interference and unauthorized data collection.

Implications for the Future of AI and Cybersecurity

As AI-powered applications become more embedded in daily life and business operations, experts stress the need for greater transparency and security protocols to prevent unauthorized data access and misuse. The discovery of China Mobile-linked code in DeepSeek’s website underscores the broader geopolitical challenges in regulating and securing AI services.

Lawmakers in the U.S. and other countries are likely to continue investigating DeepSeek’s data practices and may propose further regulatory measures or restrictions to protect national security interests. Whether DeepSeek will face similar bans or restrictions as TikTok remains to be seen, but the growing scrutiny of Chinese AI companies is unlikely to fade anytime soon.