·
Compare LLM Model vs LLM Service
The risk profile of AI models and the providers running them are different. Learn how to correctly evaluate them
I keep seeing "DeepSeek is dangerous / steals your data / spies on you" takes that never say which DeepSeek they mean.
There is a large gap between:
- DeepSeek R1, the open-source model they released, and
- the services Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd. run on top of it - website, apps, API.
Rough analogy:
- The model is the blueprint. You can inspect it, test it, fork it. Paper does not siphon your prompts by itself.
- The service is the car built from that blueprint. Same model, different operator: logging, retention, filters, device permissions, and whether the whole thing vanishes tomorrow.
Same weights. Very different risk.
| Risk | DeepSeek R1 (model) | R1 self-hosted | R1 via a provider you trust | R1 via a provider you do not trust |
|---|---|---|---|---|
| Control | N/A - open source, inspectable | Full control over deploy and use | Check the T&Cs; you still depend on them | They can shut it off or change it under you |
| Privacy | Model alone cannot exfiltrate | Stays with your stack if you keep it offline | Account data and prompts are only as private as their handling | Everything you type or upload is in play |
| Security | Some risk of hostile reasoning in outputs | Strong if you do not let it call out | You inherit their controls | Worse if the app has broad device permissions |
| Bias / censorship | Possible in the weights | Same as the model | Same, plus provider filters | Provider can filter harder |
| Monitoring | You can look at the weights | Whatever you build | Provider can log, rate-limit, and profile use | Same, with less reason to trust them |
| Cost | Free weights | Compute you pay for | Subscription or usage pricing | Same shape, worse trust |
| Reliability | N/A | Your infrastructure | Their uptime and maintenance | Their uptime - and their incentives |
When someone warns you about DeepSeek - or Claude, or Llama - ask which column they are talking about. The blueprint, or the driver.
Find this on LinkedIn and give it a thumbs up: Compare LLM Model vs LLM Service
Related
- Your AI Vendor Is Now a Critical Infrastructure Provider for treating AI providers as critical infrastructure
- Adding AI to your SaaS for the risks that come with third-party AI solutions
- Securing AI Initiatives for mapping AI risk to familiar security discipline
Olivier Reuland