In a startling revelation, cybersecurity researchers have uncovered that DeepSeek, a rapidly popular Chinese AI chatbot, contains hidden code potentially transmitting user login information to China Mobile, a state-owned telecommunications company with alleged ties to the Chinese military. This discovery has ignited significant concerns over data privacy and national security.

DeepSeek AI Faces Scrutiny Over Data Privacy and Security Concerns

DeepSeek, launched in January 2025, quickly became the most downloaded app on the U.S. iOS App Store, surpassing competitors like ChatGPT. Its swift rise to prominence has now been overshadowed by alarming security vulnerabilities.

Feroot Security, a Canadian cybersecurity firm, identified obfuscated code within DeepSeek’s web login page. When deciphered, this code revealed connections to infrastructure owned by China Mobile. The code appears to be part of the account creation and user login process for DeepSeek. This finding suggests that user data could be accessible to the Chinese government.

Deepseek has a direct link to China Mobile

DeepSeek’s privacy policy acknowledges that it stores data on servers within the People’s Republic of China. However, the direct link to China Mobile indicates a closer connection to Chinese state infrastructure than previously understood. The U.S. has previously cited substantial national security concerns about links between China Mobile and the Chinese state, leading to limited sanctions on the company.

Ivan Tsarynny, CEO of Feroot Security, expressed his concerns, stating, “It’s mindboggling that we are unknowingly allowing China to survey Americans and we’re doing nothing about it.” He emphasized the gravity of the situation, noting the unusual nature of the embedded code and its potential implications.

Further analysis by cybersecurity experts Joel Reardon of the University of Calgary and Serge Egelman of the University of California, confirmed the presence of code linking DeepSeek’s login system to China Mobile. While they did not observe data being transferred during their testing, they could not rule out the possibility for some users or login methods.

Users increasingly share sensitive information with AI systems

The implications of this discovery are profound. Users increasingly share sensitive information with AI systems, from personal details to confidential business data. The potential for such data to be accessed by a foreign government raises significant privacy and security concerns.

In response to these revelations, lawmakers have announced plans to introduce a bill to ban DeepSeek’s chatbot app from U.S. government devices. Representatives Darin LaHood and Josh Gottheimer are drafting the legislation, mirroring the 2022 ban of TikTok from government devices. The bill responds to analysis revealing that DeepSeek’s app could transmit user login information to China Mobile. U.S. agencies including the Navy and NASA, as well as Texas state, have already banned the app, joining countries like Australia, South Korea, and Italy in preventing its use on government systems. The legislation is expected to be introduced on Friday.

This situation underscores the need for rigorous scrutiny of foreign-developed applications, especially those originating from countries with adversarial relationships with the U.S. As AI technology becomes increasingly integrated into daily life, ensuring the security and privacy of user data remains paramount.

Users are advised to exercise caution when using AI applications and to stay informed about potential security risks associated with these platforms. The discovery of DeepSeek’s hidden code serves as a stark reminder of the complex challenges in the intersection of technology, privacy, and national security.