Chinese-Based DeepSeek AI Restricts New Sign-Ups Amid Cyberattacks and Growing Security Concerns

Chinese AI startup DeepSeek has rapidly gained traction in the artificial intelligence world, but with its rising popularity comes a growing set of challenges. The company has recently limited new user registrations due to what it describes as large-scale malicious attacks on its services. While existing users can continue accessing the platform, new sign-ups have been temporarily restricted.

The situation highlights the increasing security threats faced by AI platforms and raises concerns over the broader implications of AI security, privacy, and geopolitical tensions surrounding Chinese tech companies.

Cyberattacks Targeting DeepSeek

DeepSeek has not disclosed specifics about the nature of these attacks, but cybersecurity experts believe they could be a mix of distributed denial-of-service (DDoS) attacks, system prompt extractions, and jailbreak attempts aimed at bypassing content restrictions or manipulating AI behavior.

According to Stuart Millar, principal AI engineer at Rapid7, attackers could be testing DeepSeek’s responses to sensitive questions, trying to extract system prompts, or attempting to alter how the AI operates. A successful system prompt extraction could reveal proprietary instructions and potentially expose the AI’s vulnerabilities to further exploitation.

Cybersecurity researcher Erich Kron of KnowBe4 pointed out that such attacks could be motivated by various factors:

• Extortion – Attackers might demand ransom payments in exchange for halting disruptions.
• Corporate sabotage – Competitors could attempt to weaken DeepSeek’s reputation and market position.
• Investment protection – Entities invested in rival AI projects might see DeepSeek as a threat and seek to undermine it.

DeepSeek’s Meteoric Rise in the AI World

Founded in 2023, DeepSeek has quickly positioned itself as a major contender in the AI race. The company’s models, including DeepSeek-V3, have made headlines for their ability to compete with, and even surpass, Western AI models like OpenAI’s GPT and Meta’s LLaMA, while being trained at a fraction of the cost.

Its iOS chatbot app recently skyrocketed to the top of Apple's free app charts in the U.S. and the U.K., even surpassing OpenAI’s ChatGPT in popularity.

A major factor behind DeepSeek’s success is its efficiency. The company claims its DeepSeek-V3 model requires significantly fewer GPU hours compared to Silicon Valley counterparts. With U.S. sanctions restricting the sale of advanced AI chips to Chinese firms, this efficiency has become a critical competitive advantage.

Despite these technological breakthroughs, DeepSeek remains controversial due to its censorship policies and potential national security risks associated with its data storage practices.

Security Flaws and Privacy Concerns

DeepSeek has faced past security vulnerabilities, including a prompt injection exploit discovered by security researcher Johann Rehberger. This flaw could have allowed attackers to take over user accounts using a cross-site scripting (XSS) payload embedded in AI-generated responses.

Additionally, a recent threat intelligence report by Kela found that DeepSeek’s AI models are vulnerable to jailbreak attacks that enable them to generate unethical and illegal content, including:

• Ransomware code generation
• Fabrication of disinformation
• Step-by-step guides for making explosives and toxins
• Malware development instructions

These findings raise serious ethical concerns about how the AI could be misused if not properly secured.

Furthermore, DeepSeek's privacy policy reveals that user data—including device information, network details, and payment data—is stored on servers located in China. This has triggered concerns in Western countries, particularly the United States, where the U.S. Navy recently advised personnel to avoid using DeepSeek due to potential security and ethical risks.

The Italian data protection authority has also launched an investigation, demanding that DeepSeek clarify how it collects, stores, and processes user data. The company has 20 days to respond to questions regarding data sources, legal justifications for processing, and whether AI model training involves data scraping.

A New AI Rivalry Amid Geopolitical Tensions

DeepSeek’s emergence adds a new dimension to the global AI race, particularly as U.S.-China tech tensions continue to escalate. The AI community has taken notice, with OpenAI CEO Sam Altman calling DeepSeek’s reasoning model “impressive” and acknowledging it as a legitimate competitor.

Interestingly, NVIDIA’s Jim Fan noted that DeepSeek is “keeping the original mission of OpenAI alive” by focusing on open research and broad accessibility—a statement that subtly critiques OpenAI’s recent shift toward closed-source models.

China, meanwhile, has defended its stance on tech regulations, asserting that it allows global AI companies to operate as long as they follow local laws. However, concerns remain about how Chinese AI companies might be influenced by government regulations, censorship policies, and national security directives.

A Pivotal Moment for AI Security

DeepSeek’s rise demonstrates that China is making serious strides in AI development, but it also underscores the growing cybersecurity challenges AI companies face. Whether it’s malicious cyberattacks, privacy concerns, or geopolitical scrutiny, DeepSeek’s journey highlights the complex interplay between AI innovation, security, and global politics.

For users, these events serve as a reminder to be cautious about AI platforms that handle sensitive data, especially those with opaque privacy policies and potential security vulnerabilities. As AI continues to evolve, ensuring robust cybersecurity measures and transparent data practices will be crucial for companies looking to maintain user trust and global credibility.