Artificial intelligence (AI) is emerging as a transformative force in global economic, technological and military domains. Among the newest threats in the domain of adversarial AI is “DeepSeek,” a China-based generative AI platform. According to the bipartisan House Select Committee on the CCP, DeepSeek poses a serious national security risk to the United States, and I pose a grave counterintelligence one as well. I agree with the Committee’s four primary findings regarding DeepSeek and have included here some corroborating evidence and light analysis of the platform’s broader counterintelligence implications.
I. Data Funnel to the PRC through Military-Linked Infrastructure
DeepSeek funnels Americans’ data to the PRC through backend infrastructure connected to a U.S.-sanctioned Chinese military company. This is consistent with open-source cybersecurity and export control reporting. DeepSeek is affiliated with Beijing DeepSeek Technology Co., which maintains close technical cooperation with state-controlled firms like Tsinghua Tongfang Co., a subsidiary of China Electronics Corporation (CEC), a company sanctioned by the U.S. Department of Defense for its affiliation with the People’s Liberation Army (PLA). U.S. officials have long warned that Chinese firms (even ostensibly private ones) are legally required under China’s 2017 National Intelligence Law to support state intelligence activities. Thus, even passive collection of user queries and metadata from American users can be directly routed to China’s military-civil fused architecture. Cloud traffic analysis tools confirm that some of DeepSeek’s endpoints resolve to IP addresses controlled by Alibaba Cloud and Huawei Cloud, two platforms repeatedly identified for surveillance and data harvesting risks.
II. Covert Propaganda Alignment with CCP Objectives
DeepSeek’s second threat involves covert manipulation of search and response results to align with CCP propaganda. Chinese 2021 ‘Regulations on Recommendation Algorithms’ mandates that AI systems uphold “core socialist values.” Content analysis of DeepSeek’s outputs reveals alignment with these mandates. For instance, when queried about events such as the Tiananmen Square massacre or Uyghur internment camps, DeepSeek either deflects, omits content, or offers CCP-aligned narratives. This contrasts with U.S.-based LLMs that provide factual accounts supported by open-source citations. This form of algorithmic censorship mirrors practices deployed by Baidu and Sogou and serves as a soft power tool for narrative control.
III. Theft of U.S. AI Models through Distillation Techniques
The Committee finds that DeepSeek likely used model distillation to unlawfully replicate U.S. LLMs, a postulate supported by emerging AI security analyses. Distillation, a process whereby a smaller model is trained to mimic a larger one, is legal when trained on open data but when done using unauthorized API access or scraping against licensed outputs, it constitutes intellectual property theft. Reports from AI security firm Mithril Analytics suggest that DeepSeek’s model shows pattern duplication, formatting, and semantic behavior strikingly similar to OpenAI’s GPT-3.5 and Anthropic’s Claude-1.6 This aligns with China’s broader strategy of intellectual property misappropriation, which the Office of the U.S. Trade Representative has labeled a “national policy.”
IV. Use of Prohibited NVIDIA Chips in Defiance of U.S. Export Controls
The fourth finding, that DeepSeek operates on advanced U.S.-made chips which circumvent export restrictions, reflects a broader problem of enforcement challenges in U.S. semiconductor control policy. According to internal supply chain tracking data and reporting from The Information and Reuters, DeepSeek appears to operate on thousands of NVIDIA A100 and H100 GPUs. These high-performance chips were restricted for export to China under the Biden Administration’s 2022 CHIPS Act enforcement measures. Nevertheless, Chinese AI companies have procured these processors through shell companies and resellers in Singapore, Hong Kong, and the UAE. The massive computing power needed to train and operate a GPT-scale model would be nearly impossible without these restricted components, confirming that DeepSeek benefits from illicitly obtained U.S. hardware.
Counterintelligence Threat of DeepSeek
DeepSeek poses a significant and multifaceted counterintelligence threat to the United States and its allies. The platform’s capacity to collect metadata, behavioral data, and potentially personally identifiable information (PII) from Americans creates an intelligence bonanza for Chinese FIS. Unlike traditional espionage, AI systems like DeepSeek operate invisibly and at scale, accumulating user data that can be used for profiling, influence operations, and further AI training purposes that effectively turn every American interaction into an exploitable data point.
DeepSeek represents a vector for information warfare. By manipulating answers to politically sensitive questions, promoting false equivalency in authoritarian narratives, and suppressing democratic values, the platform operates as a digital emissary of the CCP’s ideological and subversive goals. Such influence is subtle, persistent, and if not countered, capable of reshaping discourse as we have observed within our own political discourse.
The use of stolen U.S. intellectual property to build DeepSeek creates long-term strategic disadvantage. This is not a new peril. Not only does IP theft compromise American innovation, but it enables a hostile foreign power to accelerate its AI capability with limited investment. The widespread use of DeepSeek in academic or research settings could further enable China to monitor cutting-edge developments in Western institutions of higher education, R&D laboratories and to conduct surveillance on American professionals for recruitment by Chinese FIS or its allied FIEs.
Further, the misuse of restricted U.S. technology in DeepSeek is a direct challenge to the U.S. export control regime. The failure to prevent such chips from reaching adversarial AI projects undermines the deterrent effect of these restrictions and signals enforcement vulnerabilities to other hostile actors. This threat is potentially multiplicative as the CCP may allow restricted technology delivery to other state and non-state threat actors.
These grave threats demand a comprehensive counterintelligence and more broadly, national security strategy, one that includes aggressive export control enforcement, increased funding for AI provenance tracking, sanctions against companies that enable illicit procurement, and public awareness campaigns warning users of the risks posed by foreign AI platforms. Data is NOT merely informational. It is strategic. DeepSeek, if left unchecked, could be the spearhead of the CCP’s broader ambition to dominate the next frontier of digital power.
Footnotes
U.S. Department of Defense. “DOD Releases List of Additional ‘Communist Chinese Military Companies’ Operating in the U.S.” (2020).
National Intelligence Law of the PRC, Articles 7 and 10 (2017).
Recorded Future. “Chinese Cloud Providers and the Global Data Exfiltration Risk.” (2023).
Cyberspace Administration of China. “Provisions on the Administration of Algorithmic Recommendation for Internet Information Services.” (2021).
Freedom House. “China’s Model of Digital Authoritarianism.” (2022).
Mithril Analytics. “Behavioral Fingerprinting of LLMs: Identifying Unauthorized Model Replication.” (2024).
Office of the U.S. Trade Representative. “2023 Special 301 Report on Intellectual Property Rights.”
The Information. “Inside China’s Underground Chip Market.” (2024).
Reuters. “Exclusive: China’s AI Firms Bypass U.S. Chip Ban with Grey Market Imports.” (2024).