Chinese AI firm DeepSeek ‘failed every security test’, cybersecurity expert warns

China’s newly released artificial intelligence (AI) engine, DeepSeek, “failed every compliance and security test”, experts have warned. 

William Priestley, sales engineer manager for data security firm Varonis, told delegates at Holyrood’s 2025 Public Sector Cyber Security Scotland event that DeepSeek's launch marked a week of “huge disruptive headlines” for the AI world. 

DeepSeek, which is already one of the world’s most downloaded apps since its unveiling, has been viewed as a competitor to US-based software such as OpenAI. 

The Chinese company’s latest AI model has received bans in Italy, Taiwan and Texas following concerns over cybersecurity and its links to China’s intelligence agencies. 

“Since researchers got hold of [DeepSeek], it basically failed every compliance and security validation,” Priestley said. “It doesn’t have the same guard rails that OpenAI has.” 

The release of DeepSeek-R1 coincides with growing worries about online safety and security in the AI era. 

A report by Censuswide and cybersecurity provider RiverSafe revealed significant concerns about AI among UK chief information officers (CISOs) last April. 

Speaking at the conference held at Edinburgh’s Dynamic Earth, Dan Jones, senior security advisor at system software company Tanium, said that UK organisations experience on average 130 cybersecurity breaches per year. 

He added that companies are facing “unprecedented damage” from cyber attacks. 

Most notably, NHS Dumfries and Galloway was targeted by hackers last May, with stolen patient data leaked online. 

Priestley said that the “blast radius” for compromised data is growing, which has been “compounded” by AI. 

DeepSeek, which Priestley described as a “huge challenge” for the technology sector, poses “severe” safety risks according to research from the University of Bristol. 

The report stated that the Chinese AI software can “unintentionally expose harmful information” that similar tools guards against. 

“Essentially people can now use this and create new malware, new emails, new reconnaissance – it just makes their job easier,” Priestley said. 

DeepSeek did not respond to a request for comment.