Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek’s Artificial Intelligence (AI) platform, citing security risks.
“Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security,” according to a statement released by Taiwan’s Ministry of Digital Affairs, per Radio Free Asia.
“DeepSeek AI service is a Chinese product. Its operation involves cross-border transmission, and information leakage and other information security concerns.”
DeepSeek’s Chinese origins have prompted authorities from various countries to look into the service’s use of personal data. Last week, it was blocked in Italy, citing a lack of information regarding its data handling practices. Several companies have also prohibited access to the chatbot over similar risks.
The chatbot has captured much of the mainstream attention over the past few weeks for the fact that it’s open source and is as capable as other current leading models, but built at a fraction of the cost of its peers.
But the large language models (LLMs) powering the platform have also been found to be susceptible to various jailbreak techniques, a persistent concern in such products, not to mention drawing attention for censoring responses to topics deemed sensitive by the Chinese government.
The popularity of DeepSeek has also led to it being targeted by “large-scale malicious attacks,” with NSFOCUS revealing that it detected three waves of distributed denial-of-service (DDoS) attacks aimed at its API interface between January 25 and 27, 2025.
“The average attack duration was 35 minutes,” it said. “Attack methods mainly include NTP reflection attack and memcached reflection attack.”
It further said the DeepSeek chatbot system was targeted twice by DDoS attacks on January 20 – the day on which it launched its reasoning model DeepSeek-R1 – and January 25 that averaged around one hour using methods like NTP reflection attack and SSDP reflection attack.
The sustained activity primarily originated from the United States, the United Kingdom, and Australia, the threat intelligence firm added, describing it as a “well-planned and organized attack.”
Malicious actors have also capitalized on the buzz surrounding DeepSeek to publish bogus packages on the Python Package Index (PyPI) repository that are designed to steal sensitive information from developer systems. In an ironic twist, there are indications that the Python script was written with the help of an AI assistant.
The packages, named deepseeek and deepseekai, masqueraded as a Python API client for DeepSeek and were downloaded at least 222 times prior to them being taken down on January 29, 2025. A majority of the downloads came from the U.S., China, Russia, Hong Kong, and Germany.
