Security researchers have discovered computer code on the website of Chinese AI company DeepSeek, whose chatbot recently became the most downloaded app in the US, that could potentially send user login information to China Mobile, a state-owned telecommunications company barred from operating in the United States. The code, found within the chatbot’s web login page, connects to infrastructure owned by China Mobile and appears to be part of the account creation and login process. The code linking DeepSeek to one of China Mobile was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with news agency The Associated Press (AP).
This discovery is said to raise significant national security concerns for US officials, particularly given the increasing use of sensitive data in generative AI systems. Experts warn that this connection could expose personal and proprietary information, representing a potential intelligence goldmine for China. The implications are reportedly considered even greater than those associated with TikTok, as the information shared with AI systems often includes highly personal and sensitive business data.
Ban on China Mobile
The US Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing “substantial” national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military.
Feroot Security’s findings were reportedly verified by two academic cybersecurity experts who confirmed the presence of China Mobile code within DeepSeek’s login system. While testing in North America did not reveal data transfer to China Mobile, researchers could not rule out the possibility of such transfers for some users or under certain conditions. The analysis focused solely on the web version of DeepSeek; the mobile app, a top download on both Apple and Google app stores, was not analyzed.
“DeepSeek more dangerous than TikTok”
Experts like Ivan Tsarynny, CEO of Feroot, expressed disbelief that such a connection could be accidental, highlighting the numerous unusual aspects of the code. Stewart Baker, a former Department of Homeland Security and NSA official, emphasized that DeepSeek raises even greater concerns than TikTok, given the potentially more sensitive nature of the information involved. The code analysis suggests DeepSeek’s login process may capture detailed device information, a common practice for security and verification purposes. However, the link to China Mobile raises questions about how this information might be used.
