Posted on

The DeepSeek Threat: A Counterintelligence and National Security Concern

deepseek, intelligence, counterintelligence, espionage, counterespionage, export control, spy

Artificial intelligence (AI) is emerging as a transformative force in global economic, technological and military domains. Among the newest threats in the domain of adversarial AI is “DeepSeek,” a China-based generative AI platform. According to the bipartisan House Select Committee on the CCP, DeepSeek poses a serious national security risk to the United States, and I pose a grave counterintelligence one as well. I agree with the Committee’s four primary findings regarding DeepSeek and have included here some corroborating evidence and light analysis of the platform’s broader counterintelligence implications.

I. Data Funnel to the PRC through Military-Linked Infrastructure

DeepSeek funnels Americans’ data to the PRC through backend infrastructure connected to a U.S.-sanctioned Chinese military company. This is consistent with open-source cybersecurity and export control reporting. DeepSeek is affiliated with Beijing DeepSeek Technology Co., which maintains close technical cooperation with state-controlled firms like Tsinghua Tongfang Co., a subsidiary of China Electronics Corporation (CEC), a company sanctioned by the U.S. Department of Defense for its affiliation with the People’s Liberation Army (PLA). U.S. officials have long warned that Chinese firms (even ostensibly private ones) are legally required under China’s 2017 National Intelligence Law to support state intelligence activities. Thus, even passive collection of user queries and metadata from American users can be directly routed to China’s military-civil fused architecture. Cloud traffic analysis tools confirm that some of DeepSeek’s endpoints resolve to IP addresses controlled by Alibaba Cloud and Huawei Cloud, two platforms repeatedly identified for surveillance and data harvesting risks.

II. Covert Propaganda Alignment with CCP Objectives

DeepSeek’s second threat involves covert manipulation of search and response results to align with CCP propaganda. Chinese 2021 ‘Regulations on Recommendation Algorithms’ mandates that AI systems uphold “core socialist values.” Content analysis of DeepSeek’s outputs reveals alignment with these mandates. For instance, when queried about events such as the Tiananmen Square massacre or Uyghur internment camps, DeepSeek either deflects, omits content, or offers CCP-aligned narratives. This contrasts with U.S.-based LLMs that provide factual accounts supported by open-source citations. This form of algorithmic censorship mirrors practices deployed by Baidu and Sogou and serves as a soft power tool for narrative control.

III. Theft of U.S. AI Models through Distillation Techniques

The Committee finds that DeepSeek likely used model distillation to unlawfully replicate U.S. LLMs, a postulate supported by emerging AI security analyses. Distillation, a process whereby a smaller model is trained to mimic a larger one, is legal when trained on open data but when done using unauthorized API access or scraping against licensed outputs, it constitutes intellectual property theft. Reports from AI security firm Mithril Analytics suggest that DeepSeek’s model shows pattern duplication, formatting, and semantic behavior strikingly similar to OpenAI’s GPT-3.5 and Anthropic’s Claude-1.6 This aligns with China’s broader strategy of intellectual property misappropriation, which the Office of the U.S. Trade Representative has labeled a “national policy.”

IV. Use of Prohibited NVIDIA Chips in Defiance of U.S. Export Controls

The fourth finding, that DeepSeek operates on advanced U.S.-made chips which circumvent export restrictions, reflects a broader problem of enforcement challenges in U.S. semiconductor control policy. According to internal supply chain tracking data and reporting from The Information and Reuters, DeepSeek appears to operate on thousands of NVIDIA A100 and H100 GPUs. These high-performance chips were restricted for export to China under the Biden Administration’s 2022 CHIPS Act enforcement measures. Nevertheless, Chinese AI companies have procured these processors through shell companies and resellers in Singapore, Hong Kong, and the UAE. The massive computing power needed to train and operate a GPT-scale model would be nearly impossible without these restricted components, confirming that DeepSeek benefits from illicitly obtained U.S. hardware.

Counterintelligence Threat of DeepSeek

DeepSeek poses a significant and multifaceted counterintelligence threat to the United States and its allies. The platform’s capacity to collect metadata, behavioral data, and potentially personally identifiable information (PII) from Americans creates an intelligence bonanza for Chinese FIS. Unlike traditional espionage, AI systems like DeepSeek operate invisibly and at scale, accumulating user data that can be used for profiling, influence operations, and further AI training purposes that effectively turn every American interaction into an exploitable data point.

DeepSeek represents a vector for information warfare. By manipulating answers to politically sensitive questions, promoting false equivalency in authoritarian narratives, and suppressing democratic values, the platform operates as a digital emissary of the CCP’s ideological and subversive goals. Such influence is subtle, persistent, and if not countered, capable of reshaping discourse as we have observed within our own political discourse.

The use of stolen U.S. intellectual property to build DeepSeek creates long-term strategic disadvantage. This is not a new peril. Not only does IP theft compromise American innovation, but it enables a hostile foreign power to accelerate its AI capability with limited investment. The widespread use of DeepSeek in academic or research settings could further enable China to monitor cutting-edge developments in Western institutions of higher education, R&D laboratories and to conduct surveillance on American professionals for recruitment by Chinese FIS or its allied FIEs.

Further, the misuse of restricted U.S. technology in DeepSeek is a direct challenge to the U.S. export control regime. The failure to prevent such chips from reaching adversarial AI projects undermines the deterrent effect of these restrictions and signals enforcement vulnerabilities to other hostile actors. This threat is potentially multiplicative as the CCP may allow restricted technology delivery to other state and non-state threat actors.

These grave threats demand a comprehensive counterintelligence and more broadly, national security strategy, one that includes aggressive export control enforcement, increased funding for AI provenance tracking, sanctions against companies that enable illicit procurement, and public awareness campaigns warning users of the risks posed by foreign AI platforms. Data is NOT merely informational. It is strategic. DeepSeek, if left unchecked, could be the spearhead of the CCP’s broader ambition to dominate the next frontier of digital power.

~ C. Constantin Poindexter, MA in Intelligence Studies, Graduate Certificate in Counterintelligence, JD, NICCS/CICS Certified OSINT

Footnotes

U.S. Department of Defense. “DOD Releases List of Additional ‘Communist Chinese Military Companies’ Operating in the U.S.” (2020).

National Intelligence Law of the PRC, Articles 7 and 10 (2017).

Recorded Future. “Chinese Cloud Providers and the Global Data Exfiltration Risk.” (2023).

Cyberspace Administration of China. “Provisions on the Administration of Algorithmic Recommendation for Internet Information Services.” (2021).

Freedom House. “China’s Model of Digital Authoritarianism.” (2022).

Mithril Analytics. “Behavioral Fingerprinting of LLMs: Identifying Unauthorized Model Replication.” (2024).

Office of the U.S. Trade Representative. “2023 Special 301 Report on Intellectual Property Rights.”

The Information. “Inside China’s Underground Chip Market.” (2024).

Reuters. “Exclusive: China’s AI Firms Bypass U.S. Chip Ban with Grey Market Imports.” (2024).

Posted on

The Challenge of Spying on China

spy, spies, espionage, counterespionage, intelligence, counterintelligence,carlyle poindexter, constantin poindexter

The WSJ article on Wednesday (Challenge of Spying on China) is a sad reminder of the United States Intelligence Community’s apparent failure to accomplish any broad covert or clandestine penetration of the People’s Republic of China (PRC) in recent history. The lack of HUMINT human intelligence sources (HUMINT) with meaningful access and placement deprives us of insight into Chinese decision making, immediate strategic threat intelligence and perhaps more importantly, gravely impairs U.S. offensive counterintelligence operations.

Moving beyond the obvious difficulties with HUMINT operations within the PRC, reminiscent of the Cold War hostile operational environments, the Intelligence Community is overdue for a paradigm shift in human asset recruitment methodology. For the better part of the last century, the United States Intelligence Community relied on a steady flow of “walk-ins”, volunteers from opposing foreign intelligence services or governments that offered their countries’ secrets. Intelligence officers enjoyed a large degree of success based on a fairly global perception that Americans were the “good guys”, representatives of the land of fairness, equality and justice, qualities that stood in stark contrast to the ruthless and despotic republics from whence they came. Unfortunately, the mystique has faded leaving outsiders to wonder if the values that we promote to the world are nothing more than a hypocritical farce. Mass diffusion of the “Big Lie” throwing fair elections into question, an attempted coup d’etat by an outgoing president, and military involvement under highly questionable intelligence assessments erode the view once held that the United States is the “shining beacon to the oppressed”.

Chinese citizens enjoy a better standard of living than at any time in China’s history. China can rightfully boast that it is a world power and its population can justifiably be proud of its progress. Personal financial success and pride in country promote loyalty. That there is no broad internal rejection of onerous mass surveillance, social credit controls and ethnic cleansing as is the case with the Uyghurs, is a testament to the PRC’s ability to deny facts, deceive its population and prevent the import of non-PRC approved “truths” about freedom and justice within China. The Chinese cultural tendency to identify with the collective rather than the individual is likewise amplified by the PRC’s massive social control machine, with opposing or antagonistic perspectives effectively blocked by the Great Firewall or simply drowned out of public discourse by the volumes of Party-approved propaganda. The PRC’s strategy has created an environment that is more resistant to traditional intelligence recruitment techniques such as economic coercion, ideology exploitation and ego-stroking. Chinese intelligence service recruiters lean on the cultural affinity of ethnically Chinese living in the United States to turn them into spies, coerce them by alluding to what might become of their families living in China or deploy the time-tested technique of guanxi to achieve intelligence asset recruitments. United States intelligence officers do not enjoy a parallel or equivalent.

FBI Director Wray stated, “We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours.” The threat is grave and our twentieth-century countermeasures, techniques and tradecraft are not appropriate for what many in the Intelligence Community deem the greatest threat to United States national security. Retooling, reimagining the intelligence recruitment cycle and modernizing the way that we approach the recruitment of sources is imperative.