Researchers find embedded code in DeepSeek linking it to Chinese state telco

DeepSeek, a Chinese AI company, has embedded code in its website that could potentially transmit user login data to China Mobile, a state-owned telecom company banned from US operations.

Key findings: Security researchers discovered concerning code within DeepSeek’s web login interface that creates a possible data pipeline to China Mobile.

• The code, first identified by Feroot Security and later verified by independent experts, appears integrated into the account creation and authentication system
• While testing in North America showed no active data transfers, researchers cannot definitively rule out data transmission for users in other regions
• The investigation focused solely on DeepSeek’s web platform, not its mobile application

Security implications: The discovery raises significant concerns about data privacy and national security, particularly given China Mobile’s established connections to the Chinese government.

• China Mobile has previously faced US sanctions due to its ties to the Chinese military
• DeepSeek’s privacy policy acknowledges data storage on Chinese servers, but the China Mobile connection suggests deeper state involvement than previously known
• Users regularly input sensitive personal and business information into AI chatbots, making any potential data collection particularly concerning

Corporate response: The situation remains unclear as key stakeholders have not provided clarification about the discovered code.

• Both DeepSeek and China Mobile have not responded to requests for comment about the nature and purpose of the code
• The lack of transparency about data handling practices adds to existing concerns about Chinese tech companies’ relationships with state entities

Technical context: The web login architecture raises questions about user data protection and sovereignty.

• Security experts emphasize that the mere presence of such code creates potential vulnerabilities
• The implementation bears similarities to other cases where Chinese companies have faced scrutiny over data collection practices
• The findings highlight the challenge of maintaining data privacy in cross-border digital services

Looking ahead: This discovery may accelerate the ongoing debate about international AI governance and data sovereignty, potentially leading to increased scrutiny of foreign AI companies operating in sensitive markets. The situation also underscores the growing complexity of managing global AI services while protecting national security interests.