The buzz in the AI and cyber world over the last 48 hours has a distinct giant-killer tone. Technology stocks took a sharp and unexpected nosedive Monday, with stalwarts Nvidia (NVDA) and Oracle (ORCL) tanking. This turbulence comes amid revelations that a small but ambitious Chinese startup, DeepSeek, has shaken up the industry with its rapid rise to prominence.
This month, the global AI landscape witnessed a seismic shift when DeepSeek announced it was temporarily suspending new registrations following a surge in demand for its AI assistant. The move, prompted by a cyberattack, coincided with the application becoming the top-rated free app on Apple’s App Store in the United States. As the company scrambled to address website outages and restore user access, this moment underscored more than just technical challenges—it highlighted DeepSeek’s emergence as a formidable contender in the AI domain.
Founded in Hangzhou in 2023, DeepSeek has emerged as a symbol of China’s advancing AI capabilities. The startup's AI assistant, powered by its proprietary DeepSeek-V3 model, promises high performance with remarkably low resource consumption. According to DeepSeek, its model rivals and surpasses the leading closed-source AI systems globally—a claim that has captivated Silicon Valley and rattled conventional perceptions of U.S. technological dominance.
“Tech breakthroughs rarely occur in a smooth or non-disruptive manner. Just as OpenAI disrupted the industry with ChatGPT two years ago, DeepSeek appears to have achieved a breakthrough in resource efficiency. This area has quickly become the Achilles' Heel of the industry,” says Mali Gorantla, Chief Scientist at AppSOC, noting that the startup was also hit by outages on its website after its AI assistant became the top-rated free application available on Apple's App Store in the United States. The company resolved issues relating to its application programming interface (API) and users' inability to log in to the website. The outages on Monday were the company's longest in around 90 days and coincided with its popularity. “Companies relying on brute force, pouring unlimited processing power into their solutions, remain vulnerable to scrappier startups and overseas developers who innovate out of necessity. By lowering the cost of entry, these breakthroughs will significantly expand access to massively powerful AI, bringing a mix of positive advancements, challenges, and critical security implications.”
The Unprecedented Rise of DeepSeek
DeepSeek’s rise coincides with a pivotal moment in global AI innovation. The company’s decision to offer its AI assistant for free, combined with its ability to operate on a fraction of the data and cost required by competitors, has introduced a disruptive dynamic to the market.
According to CBS News, DeepSeek, which leverages Nvidia's H800 chips, is catching investors off guard because of the low development costs for its AI app, which Wedbush Securities analyst Dan Ives pegged at only $6 million. By comparison, according to Goldman Sachs, OpenAI, Google, and other major U.S. companies are on track to invest roughly $1 trillion in AI over the coming years.
While the accuracy of these cost claims has been questioned, the implications are profound: they challenge the effectiveness of U.S. export controls in restricting China’s access to advanced technology.
Andrew Bolster, Senior R&D Manager at Black Duck, says the release of DeepSeek undeniably showcases the immense potential of open-source AI. Making such a powerful model available under an MIT license democratizes access to cutting-edge technology and fosters innovation and collaboration across the global AI community.
“However, DeepSeek’s rumored use of OpenAI Chain of Thought data for its initial training highlights the importance of transparency and shared resources in advancing AI. In the context of 'Open-Source AI,' it's crucial that the underlying training and evaluation data are open, as well as the initial architecture and the resultant model weights,” continues Bolster. “DeepSeek's achievement in AI efficiency of leveraging a clever Reinforcement Learning-based multi-stage training approach, rather than the current trend of using larger datasets for bigger models, signals a future where AI is accessible beyond the billionaire classes. Open-source AI, with its transparency and collective development, often outpaces closed-source alternatives in terms of adaptability and trust. As more organizations recognize these benefits, we could indeed see a significant shift towards open-source AI, driving a new era of technological advancement.”
Washington’s export controls have sought to prevent Chinese companies from acquiring high-performance chips crucial for AI model training. However, DeepSeek’s success with reportedly less powerful chips has sparked debates within the U.S. tech industry about the efficacy of these restrictions. This development highlights the resourcefulness of Chinese startups and raises questions about the future balance of AI leadership.
According to Eric Schwake, Director of Cybersecurity Strategy at Salt Security, DeepSeek's rapid rise and its R1 AI model highlight the potential for transformative changes in the AI landscape. While the company's claims of cost-efficiency are intriguing, the sudden spike in popularity, coupled with subsequent outages, casts doubt on the reliability and security of its AI model.
“From an API security standpoint, these outages and cyberattacks emphasize the crucial need to safeguard AI-enabled applications and services. DeepSeek's API presumably served a vital function in delivering its AI assistant, and the outages hint at possible vulnerabilities within the API that attackers may have exploited,” warns Schwake. “Enterprises contemplating integrating AI models, mainly from fledgling startups, must prioritize API security. This involves performing comprehensive security evaluations, establishing robust authentication and authorization protocols, and maintaining ongoing vigilance for possible vulnerabilities.”
He also warns that the swift embrace of AI models raises issues surrounding data privacy and intellectual property. Organizations should meticulously examine the terms of service for AI solutions to ensure their data's protection and appropriate use.
Open-Source Model and Cheaper Chips
The DeepSeek-V3 model’s capabilities and cost-efficiency have made it a standout in the AI community. Topping open-source model leaderboards demonstrates that cutting-edge performance is not solely the domain of well-funded Western tech giants. This achievement has left a lasting impression on U.S. tech executives, marking a potential inflection point in global AI competition.
DeepSeek’s meteoric rise is also significant for its broader implications for the AI ecosystem. With its focus on accessibility and efficiency, the company challenges the notion that high-performance AI requires exorbitant investment and infrastructure. This democratization of AI capabilities could reshape the competitive landscape, forcing incumbent players to rethink their strategies.
“The surge in DeepSeek's popularity, particularly overtaking ChatGPT on Apple's App Store, naturally attracts diverse threat actors ranging from hacktivists to sophisticated state-sponsored groups seeking to exploit or disrupt this emerging AI platform. At the same time, DDoS attacks are an obvious concern. The more insidious threats likely involve probing URL Parameters, API endpoints, and input validation mechanisms to manipulate or compromise the AI model's responses potentially,” says Stephen Kowski, Field CTO at SlashNext Email Security+.
Kowski continues: “The motivations span from competitive intelligence gathering to potentially using the infrastructure as a launchpad for broader attacks, especially given the open-source nature of the technology. The high-profile success and advanced AI capabilities make DeepSeek an attractive target for opportunistic attackers and those seeking to understand or exploit AI system vulnerabilities.”
Potential Geopolitical Nightmare
However, DeepSeek’s sudden market growth has not been without challenges. The cyberattack that prompted the temporary suspension of new registrations underscores the security vulnerabilities that rapidly scaling tech firms face. Additionally, the startup operates in a complex geopolitical environment, navigating U.S.-China tensions and the broader implications of technological export controls. These factors add layers of complexity to DeepSeek’s story, making its achievements all the more remarkable.
“Just in time for Data Privacy Day, the emergence of Chinese alternatives to ChatGPT, DeepSeek, poses a critical security challenge for U.S. businesses that extends beyond previous concerns about consumer data privacy; it expands to the potential exposure of proprietary business information, trade secrets, and strategic corporate information. Just as TikTok raised red flags about personal data exposure, DeepSeek’s AI tools apply the same rules of risk to sensitive corporate information,” says Gal Ringel, Co-Founder and CEO at Mine. “Organizations must urgently audit and track their AI assets to prevent potential data exposure to China. This isn't just about knowing what AI tools are being used; it's about understanding where company data flows and ensuring robust safeguards are in place so it doesn’t inadvertently end up in the wrong hands.”
Transparency Doesn’t Eliminate Threats
Trey Ford, Chief Information Security Officer at Bugcrowd, sums up the frenetic day by stating the obvious.
“Using their platform places all prompts and uploads on servers hosted in the PRC. It's nice to see this level of honesty and transparency in software and surrendering data sovereignty matters to people and companies. Creators' fingerprints are found in their products, and reports of free speech and worldview injection into responses are widely reported from the DeepSeek platform,” concludes Ford. “Users, such as citizens and enterprises, whether public or private sector, should reflect on both what they submit to a service and their ability to manage the worldview and perspective of responses provided effectively. The apparent involvement of nation-state-backed software and service offerings like these are worthy of reflection before use.”