Drex dives into the latest cybersecurity concerns surrounding DeepSeek, a newly launched Chinese AI platform making waves in the tech world. While its capabilities rival top generative AI models, serious security risks have emerged, including U.S. user data being stored on Chinese servers, major privacy vulnerabilities, and a large-scale cyberattack forcing DeepSeek to limit new signups. Is this a game-changing moment in AI, or a wake-up call for cybersecurity?
Remember, Stay a Little Paranoid
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey, everyone. I'm Drex and. This is the 2 Minute Drill, where I cover three hot security stories twice a week, all part of the 229 cyber and risk community here at This Week Health. Today's 2 Minute Drill is brought to you by Interprise Health, a health catalyst company. You need to get all your leaders on the same page when prioritizing risk.
at Vive. They'll be in booth:DeepSeek, the new Chinese developed AI platform, has caused quite a buzz this week. The new AI model, DeepSeek R1, can apparently perform as well as OpenAI and other generative AI models, with training and operations costs reportedly being just a fraction of its competitors. It's also become one of the fastest growing, most downloaded apps in history.
That's the good news. Now, maybe the not so good news. Monday's DeepSeek release ignited what feels like an AI arms race. Within a few hours of its release, About a trillion dollars was wiped from the tech stock indexes with investors punishing U. S. and other international AI associated stocks. On the security side, though, there's also some other problem.
A vulnerability discovered yesterday included a publicly available database that contained highly sensitive information, not the least of which was a million lines of log streams, chat logs, API keys, and operational data. There's also the reality that DeepSeek is sending tons of U. S. user data directly to Chinese servers.
It actually says in the agreement, We store information we collect in servers located in the People's Republic of China. Also, earlier in the week, DeepSeek had to limit new signups because of, quote, a large scale malicious attack. I know some of you love to test out new technologies. We're all kind of enamored with the whole generative AI models over the past couple of years.
Everybody wants a new assistant. But here's my two cents after talking to several health care execs and tech execs this week. I'd say avoid downloading it at all at this point. You should realize that the data going to China includes text or audio inputs, any prompts that you ask. All the files you might upload for analysis, all the chat logs.
It also logs your device model and operating system and IP address and even your keystroke patterns. All that's a pretty good fingerprint of your online identity. And again, all the data is going to China and that means Regulation and management of privacy, all that's under Chinese jurisdiction, and that's probably not in alignment with what you'd expect from a U.
S. based company. It also means the Chinese government can compel companies like DeepSeek to turn over data without due process or your consent. If you do download it, make sure you read the privacy policy and the terms of use. Don't just click through. Seriously, the terms on this allow the company to share your data with law enforcement, its other operating groups, pretty much anything that you put into the model, they can pretty much do anything they want with that.
Don't put personal or private or business data into DeepSeek. Not yet, anyway. Maybe, never. And share this info with your staff, up and down the chain of command, and talk to your peers from other organizations, the ones you lean on and learn from. Without a doubt, this is cool new tech. And what we know about the business model so far could change everything.
In the late:This deep seek moment feels a lot like that Sputnik moment. Punch in the gut for American AI companies letting them know that they don't completely own this space. But don't let the new bright shiny object flying around the internet convince you or your healthcare team to do something rash. DeepSeek is an interesting opportunity, but please be thoughtful and judicious in any decision to download and use it.
DeepSeek. You can read them all at ThisWeekHealth. com slash news. Today's two minute drill was brought to you by Enterprise Health, a health catalyst company. Did you know that with Blueprint, you can pull risk data from all your tools into a single unified management platform? Then you can prioritize all that risk and assign work and track exceptions and drive accountability.
ome get a demo. At five Booth: