Will DeepSeek drive us to take software safety significantly?
DeepSeek, the Chinese language chatbot launched in January 2025, has made waves throughout the tech and safety world. With over 10 million downloads, its fast adoption raises an necessary query: How a lot of this was pushed by real curiosity, and the way a lot was merely curiosity, with out totally understanding the implications? May this widespread use be quietly introducing Chinese language supply code into company networks?
The preliminary outrage surrounding DeepSeek wasn’t nearly its capabilities, it was about its value. The software program shocked the market by delivering high-level arithmetic, coding, and reasoning abilities corresponding to ChatGPT and different top-tier AI fashions, however at a fraction of the fee and with considerably fewer sources.
What can CISOs do? The reply is straightforward: what they need to already be doing when introducing any new software program, {hardware}, or AI. The core of cyber safety stays the identical – elevating consciousness, educating workers, and implementing basic safety measures. However with Chinese language expertise already deeply embedded in authorities, crucial infrastructure, and companies, are we attempting to repair a leak after the dam has already burst? The truth is, we lack the time, abilities, and sources to untangle the extent of Chinese language tech in our techniques.
So what makes DeepSeek completely different? Is it really a singular danger, or is the media frenzy merely reminding us of the safety issues we’ve been conscious of all alongside? In spite of everything, companies have lengthy been integrating expertise from a number of nation states – together with Russia – with out totally questioning the long-term penalties. Solely now are we stepping again to ask: Was this a good suggestion?
A knee-jerk, unilateral response from safety leaders – whereas well-intentioned – fails to account for the deeply interconnected nature of recent enterprise ecosystems. Sensible safety steps, corresponding to danger assessments, community segregation, vendor due diligence, and entry controls, ought to already be customary follow. However these measures ought to by no means be reactive; they need to be a part of an ongoing dialog earlier than any new expertise is launched.
Take into account the compromised federal cellphone system throughout the Obama administration. An absence of due diligence meant officers believed they have been buying an American-built system – solely to later uncover it had been assembled within the US from Chinese language elements. The lesson? Due diligence issues, and it prices cash.
If safety is a precedence, then we should be keen to put money into it – not simply in instruments and expertise, however in steady training and consciousness. The query isn’t whether or not DeepSeek is a danger. The true query is: Are we lastly able to take safety significantly?
