Chinese AI Company Set Back By DeepSeek Cyber Attack

DeepSeek’s meteoric rise to the top of the AI assistant charts has been slowed somewhat by a large-scale cyber attack, which temporarily halted new registrations. As of February 1, the Chinese AI company’s status update page indicates that the issue has been identified and that a fix is being implemented.

The disruption has not prevented those with existing accounts from logging in and using the service normally. DeepSeek has yet to share any details about the attack, but some security researchers believe that it is a distributed denial-of-service (DDoS) targeting its “Web Chat” feature and API.

Cyber attack appears to be separate from mass records exposure

The DeepSeek-V3 chat platform temporarily suspended new registrations in response to the cyber attack, and for a time was restricting signups to users with a mainland China phone number (“+86” numbers). The service has continued to allow existing users in, though for at least some period of time Google credentials were required as a third-party verification method.

The Chinese AI company grabbed headlines in January when assorted benchmark tests put it on par with the leading generative AI apps, with the company seemingly coming out of nowhere to become a major player in the field. At the end of January, the DeepSeek AI Assistant app overtook ChatGPT as the most-downloaded app on Apple’s App Store. But in a matter of weeks that success has already turned into a roller coaster ride that goes beyond the cyber attack to include allegations of IP theft and a separate breach that involved millions of records. A cybersecurity firm has also reported that it has been able to jailbreak the app’s safety guardrails and characterized it as being “significantly more vulnerable” than ChatGPT.

DeepSeek has shaken up the AI industry not just with its sudden popularity, but by seemingly delivering the same results as top competitors with far less data use. The development has prompted a far-reaching reassessment of the entire field of AI tools, which had been existing in something of a “bubble economy” of frenzied investment to date. The success of the Chinese AI company has threatened to undercut all that by vastly reducing the amount of financial outlay required to achieve high-level results. The issue also has a political component as the Biden administration made use of chip export bans in an attempt to maintain AI dominance over China’s developers, a tactic that may have been rendered irrelevant if cheaper chips can produce equivalent results.

The company is based in Hangzhou, was founded in 2023 and is part of the “High Flyer” investment group, though little is known about it beyond that. There has been speculation about involvement by the Chinese government given how the app answers questions with a political component, such as those about the Tiananmen Square incident or the Hong Kong protests of 2019. Some reporters have observed the app providing a detailed and neutral answer initially before erasing it and suggesting that the user ask about something else. Others have noted that known Beijing talking points appear in response to other queries about world events.

Chinese AI company navigating rough waters during its sudden popularity surge

While the Chinese AI company has sent shockwaves through the world with its performance, it may have some ground to make up in convincing users it is safe. The cybersecurity firm Kela recently reported that it was able to exploit several different flaws to jailbreak the model, using exploits that prompt it to create harmful content and that have already been addressed in competing models. The researchers also noted a tendency for it to make up false information rather than admit it cannot find something.

There is some additional speculation, though without real evidence to support it, that the Chinese AI company is simply experiencing scaling issues and is covering for it by claiming a cyber attack. Comments on social media have made note of slower performance and more frequent warnings of “heavy traffic” since the chatbot started grabbing headlines and soaring up the “most downloaded” lists of the app stores. As Kevin Kirkwood, CISO at Exabeam, notes: “It’s interesting that Nvidia’s stock price has lost more than 17% per/share (so far) in trading under pressure from DeepSeek’s challenge in the AI segment who has stated that they introduced v3 for just under $6M. This includes the news that DeepSeek is suffering from a cyberattack and probably scalability issues. It appears that not only did DeepSeek skimp on the number of GPUs, but failed to design with security in mind. Back doors, open gateways, and other easily avoidable security flaws make this product a threat actor’s dream for compromising the data that a user puts into it.”

As to who might organize a DDoS cyber attack against DeepSeek, Dr. Ilia Kolochenko (CEO at ImmuniWeb, attorney-at-law and a Vice-Chair at the ABA’s Information Security Committee) believes rival companies can be ruled out: “Talking about nation-state-sponsored cyber-attacks, it is somewhat challenging to imagine geopolitical rivals of China deploying such strategically primitive techniques, which will highly unlikely have any long-term impact on DeepSeek, instead creating free publicity for it. Involvement of hacktivists is remotely possible, but we cannot clearly see here any usual motives of hacktivist groups – such as politics or military conflicts – behind attacking DeepSeek. A formal investigation report by DeepSeek will likely bring clarity about the incident. Most importantly, this incident indicates that while many corporations and investors are obsessed with the ballooning AI hype, we still fail to address foundational cybersecurity issues despite having access to allegedly super-powerful GenAI technologies. An overall disappointment in GenAI technologies is possible in 2025.”

DeepSeek also experienced an exposure of sensitive data, though this appeared to be from a misconfigured public-facing database rather than a cyber attack. That trove of data contained digital software keys and chat logs containing what appear to be user conversations. A cybersecurity firm hit upon it through scanning and reported it to the Chinese AI company, but said that it was so easy to find that it was likely others had also come across it.

Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka, notes that the open-source nature that seems to be fueling the Chinese AI company’s rapid innovation also presents unique security risks: “Open-source AI models like DeepSeek, while offering accessibility and innovation, are increasingly vulnerable to supply chain attacks triggered during large-scale cyberattacks. These attacks, where adversaries exploit the reliance on third-party dependencies, pre-trained models, or public repositories, can have severe consequences. Adversaries may tamper with pre-trained models by embedding malicious code, backdoors, or poisoned data, which can compromise downstream applications. Additionally, attackers may target the software supply chain by manipulating dependencies, libraries, or scripts used during model training or deployment. This can lead to systemic AI functionality corruption.”

Eric Schwake, Director of Cybersecurity Strategy at Salt Security, expands on the potential implications of an extended attack on DeepSeek’s API: “From an API security standpoint, these outages and cyberattacks emphasize the crucial need to safeguard AI-enabled applications and services. DeepSeek’s API presumably served a vital function in delivering its AI assistant, and the outages hint at possible vulnerabilities within the API that attackers may have exploited. Enterprises contemplating integrating AI models, particularly from fledgling startups, must prioritize API security. This involves performing comprehensive security evaluations, establishing robust authentication and authorization protocols, and maintaining ongoing vigilance for possible vulnerabilities. The swift embrace of AI models also brings up issues surrounding data privacy and intellectual property. Organizations should meticulously examine the terms of service for AI solutions, ensuring the protection and appropriate use of their data.”

And the ongoing drama involving the likes of TikTok and Temu cannot be ignored, as Gal Ringel (Co-Founder and CEO at Mine) notes: “Just in time for Data Privacy Day, the emergence of Chinese alternatives to ChatGPT, DeepSeek, poses a critical security challenge for U.S. businesses that extends beyond previous concerns about consumer data privacy; it expands to the potential exposure of proprietary business information, trade secrets, and strategic corporate information. Just as TikTok raised red flags about personal data exposure, DeepSeek’s AI tools apply the same rules of risk to sensitive corporate information. Organizations must now urgently audit and track their AI assets to prevent potential data exposure to China. This isn’t just about knowing what AI tools are being used; it’s about understanding where company data flows and ensuring robust safeguards are in place so it doesn’t inadvertently end up in the wrong hands. The parallels to TikTok are striking, but the stakes may be even higher when considering the potential exposure of business data ending up in adversarial hands.”