DeepSeek R1 Data Exposure and International Bans Over Privacy and Security Concerns (2025)

Incident Summary

In January 2025, Chinese AI company DeepSeek released its R1 reasoning model, which rapidly gained international attention for reportedly matching the performance of leading frontier AI models at significantly lower cost.^[3][4] Within days, security researchers at Wiz discovered that a DeepSeek ClickHouse database was publicly accessible on the internet, exposing over 1 million lines of data including user chat logs, API secret keys, backend operational details, and other sensitive information.^[1]

The exposed database was secured after Wiz notified DeepSeek, but the discovery intensified existing concerns about the company’s data handling practices.^[1] Italy’s data protection authority (Garante) blocked DeepSeek from processing Italian users’ data, citing insufficient responses to privacy inquiries.^[2][3] Multiple countries — including the United States, Australia, South Korea, and Taiwan — subsequently banned or restricted DeepSeek on government devices over concerns that user data could be transmitted to Chinese servers subject to China’s national intelligence laws, which require organizations to cooperate with state intelligence operations.^[4]

Key Facts

• Company: DeepSeek (Hangzhou DeepSeek Artificial Intelligence Co., Ltd.), a Chinese AI company
• Product: DeepSeek R1 reasoning model
• Data exposure: Publicly accessible ClickHouse database containing over 1 million lines of chat logs, API keys, and backend data
• Discovery: Wiz security research team
• Regulatory actions: Italy blocked the service; US, Australia, South Korea, and Taiwan banned or restricted DeepSeek on government devices
• National security concern: Data stored on Chinese servers subject to China’s national intelligence laws
• Company response: Database secured after Wiz notification

Threat Patterns Involved

Primary: Mass Surveillance Amplification — The concern that user data processed by DeepSeek is stored on servers subject to Chinese national intelligence laws — which require cooperation with state intelligence operations — raises the prospect of a foreign state gaining access to the conversational data of millions of non-Chinese users, constituting a potential mass surveillance vector.

Secondary: Model Inversion and Data Extraction — The exposed ClickHouse database, which contained over 1 million lines of user chat logs and API keys, demonstrated a concrete data extraction vulnerability resulting from inadequate infrastructure security practices.

Significance

1. Convergence of AI competition and national security. The DeepSeek incident illustrates how the global competition in AI development intersects with national security concerns, as the data handling practices of AI companies become vectors for geopolitical risk.
2. Infrastructure security failures in rapid AI deployment. The publicly accessible database containing user chat logs and API keys exposed fundamental security failures in DeepSeek’s infrastructure, suggesting that the company’s rapid global release outpaced its security preparedness.
3. Regulatory fragmentation across jurisdictions. The range of regulatory responses — from Italy’s outright block to various government device bans — demonstrates the absence of a coordinated international framework for addressing cross-border AI data privacy risks.
4. Data sovereignty as an AI governance issue. The incident elevated data sovereignty — where AI user data is stored and which legal jurisdiction governs access to it — as a central issue in AI governance, extending concerns previously associated with social media platforms (such as TikTok) to AI model providers.
5. Scale of potential exposure. The rapid global adoption of DeepSeek’s R1 model before the security vulnerabilities were discovered meant that a large volume of user data was potentially exposed or subject to foreign state access, magnifying the impact of the security failure.