The United States is taking a firm stance against potential cybersecurity threats from artificial intelligence (AI) applications with direct ties to foreign adversaries. On February 6, 2025, U.S. Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) introduced the bipartisan No DeepSeek on Government Devices Act, seeking to prohibit federal employees from using the AI-powered application DeepSeek on government-issued devices.
The move comes amid growing concerns that DeepSeek's generative AI capabilities pose a national security risk due to its direct links to the Chinese Communist Party (CCP) and China Mobile, a Chinese government-owned entity already banned by the U.S. Federal Communications Commission (FCC) for security concerns.
The proposed legislation follows new research findings indicating that DeepSeek is capable of sharing user data with China Mobile, which has close ties to the Chinese military. According to the press release announcing the bill, "Americans are sharing highly sensitive, proprietary information with DeepSeek—contracts, documents, and financial records. In the wrong hands, this data is an enormous asset to the CCP."
Congressman Gottheimer underscored the urgency of the issue, stating: "The Chinese Communist Party has made it abundantly clear that it will exploit any tool at its disposal to undermine our national security, spew harmful disinformation, and collect data on Americans. Now, we have deeply disturbing evidence that they are using DeepSeek to steal the sensitive data of U.S. citizens. This is a five-alarm national security fire."
Representative LaHood echoed these concerns, saying: "The national security threat that DeepSeek—a CCP-affiliated company—poses to the United States is alarming. DeepSeek's generative AI program acquires the data of U.S. users and stores the information for unidentified use by the CCP. Under no circumstances can we allow a CCP company to obtain sensitive government or personal data."
Cybersecurity professionals have validated these concerns, pointing to both the direct threats posed by DeepSeek and the broader risks associated with foreign-controlled AI applications.
Dave Gerry, CEO at Bugcrowd, remarked that "scrutiny of DeepSeek appears warranted given the likely connections back to the CCP, continued concerns around data privacy and leakage, and a recent security incident." He further noted that government and corporate leaders should at least consider a temporary removal of access while additional reviews are conducted.
According to Satyam Sinha, CEO and Co-Founder at Acuvity, this issue goes beyond DeepSeek and is part of a larger problem with AI applications originating from adversarial nations. "For the U.S. government, espionage is a daily challenge and exposing workers to GenAI services such as DeepSeek, which clearly state that data will reside in China and will be used to improve the models and services, is an obvious risk," he said.
Sinha further warned that GenAI services are under constant cyberattack, making them susceptible to credential theft and data exfiltration. He called for a more comprehensive strategy, arguing that "what we should be thinking about is the overall categories of risk, rather than just banning one trending AI service at a time."
Similarly, Stephen Kowski, Field CTO at SlashNext Email Security+, pointed to specific security flaws within DeepSeek that could be exploited by both nation-states and cybercriminals. He cited "hidden code capable of transmitting login credentials to China Mobile servers" as a particularly troubling discovery. Kowski also noted that several other nations, including Australia, Italy, Taiwan, and South Korea, have already implemented bans on DeepSeek, demonstrating the global recognition of its security risks.
The No DeepSeek on Government Devices Act is likely to gain bipartisan support, given the similar scrutiny faced by TikTok and Huawei in recent years. However, cybersecurity professionals warn that a broader, more proactive security framework is needed to address AI threats holistically, rather than reacting to one application at a time.
Sinha suggested that the U.S. government should implement stronger cybersecurity measures for all GenAI applications, stating, "By moderating the information that is initially shared, we can reduce the risk associated with GenAI applications, whether those risks stem from intended design or cyberattacks."
As AI continues to evolve, the intersection of national security, data privacy, and emerging technology will remain a critical issue. Whether or not the No DeepSeek on Government Devices Act becomes law, it is clear that government and industry leaders must develop more robust strategies to protect against AI-powered cyber threats.
[RELATED: Markets Plummet Amid Surprise AI Breakthrough from China's DeepSeek]
Follow SecureWorld News for more stories related to cybersecurity.