I have seen many articles lately claiming that DeepSeek is dangerous, DeepSeek can steal your data, DeepSeek spies on you. The problem is that too many of these are not clear about what they are referring to, or simply misunderstand: There is a significant difference in terms of risk between the model and the service.
- DeepSeek R1, the open-source model that the company released, and
- the services that Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd. offer running this model, such as the website, mobile apps and API.
Let me try an analogy (somewhat):
- The Model, e.g., Deepseek R1
- This is the car blueprint. It might have defects and not be perfect. Everyone can look at it, test it, make sure it works well enough. But the blueprint won’t hurt you. It’s just a piece of paper. (well, it might blow your mind 🤯😄)
- The service, e.g., a website (ChatGPT), mobile apps (Siri) or API (Perplexity API), provided using this model
- This is the actual car made following the blueprint. The car manufacturer might have followed the blueprint, resolved some issues (e.g., biases), added software to track your driving habits (e.g., register prompts) or added a GPS tracker without you knowing (e.g., collect privacy information).
The same model can be used in very different ways. And many risks related to the car manufacturer, more so than the blueprint itself.
I hope this helps clarify things a little.
Now, let me look at the risk profiles:
| Risk | Deepseek R1 (Model) | Deepseek R1 run yourself | Deepseek R1 served by a trustworthy website, mobile apps or API provider | Deepseek R1 served by a website, mobile apps or API provider you don’t trust |
|---|---|---|---|---|
| Control | N/A - It’s open source, you can look at it. | 🟢 - Full control over model deployment, fine-tuning, and usage when self-hosted | 🟡 - It should be fine, but check these T&C’s. | 🔴 - Can disappear under you at any moment. |
| Privacy | N/A - The model itself don’t do anything. It can’t steal and exfiltrate data. | 🟢 | 🟡 - If your account information (name, email…) and input (prompts / uploaded documents) are treated privately like it should, there is no major risk. | 🔴 - All the information you type or upload could be siphoned by the provider. |
| Security | 🟡 - There is a minimal risk of having malicious reasoning that could then be injected into your own code/answers | 🟢 - if you don’t let the model connect elsewhere. Where is a theoretical possibility that the model could somehow hack itself out of its environment, but we’re not there (yet). | 🟡 - You rely on the provider’s security controls to protect your data. | 🔴 - This is particularly risky if the app has extended permissions on your device (looking at you, vibe-coders) |
| Bias / Censorship | 🟡 - Possible. | 🟡 - Same as Model | 🟡 - Same as Model | 🔴 - if the provider further filters the input or output. |
| Monitoring | N/A - It’s there, you can look at it. | No built-in monitoring - depends on implementation | Provider can monitor usage, implement rate limits, and track user behaviour | Provider can monitor usage, implement rate limits, and track user behaviour |
| Cost | N/A - It’s free and open source. | One-time cost of computing resources for deployment | Usually subscription or pay-per-use pricing models | Usually subscription or pay-per-use pricing models |
| Reliability | N/A | Dependent on the infrastructure you're running this on | Subject to provider uptime, server stability, and maintenance schedules | Subject to provider uptime, server stability, and maintenance schedules |
Conclusion
So, what's the takeaway? When you hear someone talking about the risks of DeepSeek (or any AI model), take a moment to ask: are they talking about the model itself, or the service running it? The distinction matters a lot.
The model is just the blueprint. It's the open-source code that anyone can inspect, test, and run on their own hardware. The real risks come from who's driving the car built from that blueprint, aka the service provider. That's where your data, privacy, and control are at stake.
If you're running it yourself, you're in the driver's seat. If you're using a trustworthy provider, you're probably fine, but always check the fine print. And if you're using a provider you don't trust? Well, you're essentially handing over the keys and hoping for the best.
Stay curious, stay critical, and don't let the hype cloud your judgement. The tech is exciting, but it's worth taking the time to understand what you're really signing up for.
Related
- Your AI Vendor Is Now a Critical Infrastructure Provider for treating AI providers as critical infrastructure
- Adding AI to your SaaS for the risks that come with third-party AI solutions
- Securing AI Initiatives for mapping AI risk to familiar security discipline