DeepSeek AI App Exposes Unencrypted User Data, Vulnerable to Jailbreaks

DeepSeek is an AI chatbot app, clearly an AI system. The article details how its insecure encryption and data storage practices have led to exposure of sensitive user data, which is a direct harm to users' privacy and security, thus violating rights and causing harm. The harms are ongoing and realized, not merely potential. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves a generative AI system (DeepSeek) whose use has directly led to harm in the form of violations of user privacy and security, which are fundamental rights. The app's insecure data handling practices and transmission to servers subject to foreign government access laws create a clear risk of harm to users' personal data and identity. This constitutes a breach of obligations intended to protect fundamental rights, qualifying as an AI Incident under the framework. The harm is realized, not merely potential, as data is being sent and decrypted in insecure ways.

The DeepSeek app is an AI-related system, and the security flaws discovered could plausibly lead to harm such as violations of privacy and potential espionage targeting users. Since no actual harm or incident has been reported yet, but the vulnerabilities present credible risks, this qualifies as an AI Hazard rather than an AI Incident. The article focuses on the discovery of these vulnerabilities and their potential impact, not on any realized harm or incident.

The article centers on warnings and concerns about potential misuse of data collected by the AI system DeepSeek, implying a plausible risk of future harm (e.g., weaponization of data against the U.S.). There is no indication that any harm has yet occurred or that the AI system has malfunctioned or been misused to cause harm. Therefore, this qualifies as an AI Hazard due to the credible potential for future harm related to data security and foreign influence.

DeepSeek is a generative AI system explicitly mentioned. The event concerns the use of this AI system and its insecure data handling practices, which could plausibly lead to harm through interception and misuse of sensitive user data. Although no actual harm is reported yet, the risk is credible and significant, involving potential violations of privacy rights. Hence, it fits the definition of an AI Hazard rather than an AI Incident. The article is not merely general AI news or a product launch, nor is it a complementary update on a past incident, so it is not Complementary Information or Unrelated.

The event involves an AI system (DeepSeek chatbot) whose use is directly linked to the transmission of sensitive data in an insecure manner. The cybersecurity report indicates that this insecure data handling has already occurred, exposing users to risks such as data interception and credential theft. These harms fall under violations of rights and harm to individuals, meeting the criteria for an AI Incident. The involvement is through the use of the AI system and its insecure data practices leading to realized harm or significant risk thereof.

The DeepSeek app is an AI system interface for generative AI models. The reported security vulnerabilities in the app's development and use could plausibly lead to harm such as data breaches, unauthorized access, and privacy violations, which fall under harm to rights and potentially harm to individuals. Although no actual harm or incident is reported, the presence of these vulnerabilities and governmental bans indicate a credible risk of future harm. Hence, this qualifies as an AI Hazard rather than an AI Incident or Complementary Information. The event is not unrelated since it involves an AI system and potential harm.

DeepSeek is an AI system (an AI model app) that processes user data. The article details how its insecure data transmission and storage practices have exposed users to risks of data interception and credential theft, which are harms to individuals' privacy and security (a form of harm to persons and violation of rights). The AI system's development and use have directly led to these harms. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.

DeepSeek is an AI app, so an AI system is involved. The reported security flaws and exposed sensitive user data represent a direct harm to users' privacy and potentially violate their rights. The exposure of chat logs and secret keys without authentication constitutes a breach of obligations intended to protect fundamental rights. Therefore, this event qualifies as an AI Incident due to realized harm linked to the AI system's malfunction or misuse.

The event involves an AI system (DeepSeek app) whose use has directly led to harm in the form of privacy violations and potential breaches of data protection laws, fulfilling the criteria for an AI Incident. The app's security flaws have caused exposure of sensitive personal data, enabling de-anonymization and espionage risks, which are harms to individuals and communities. The involvement of AI is explicit as the app is an AI-powered chatbot. The harm is realized, not just potential, as data breaches have occurred and investigations are underway. Hence, this is not merely a hazard or complementary information but a clear AI Incident.

The DeepSeek app is an AI system as it is an AI-powered app that processes user queries. The event details the app's use and malfunction (security flaws and disabled encryption) leading to direct harm in the form of privacy violations and potential espionage risks, which are violations of fundamental rights and harm to communities. The data being sent unencrypted to foreign servers without consent and the potential for de-anonymization are clear harms caused by the AI system's malfunction and misuse. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.

DeepSeek is an AI chatbot system whose use has led to the transmission of unencrypted and weakly encrypted sensitive user data to servers controlled by ByteDance. This data exposure directly risks user privacy and security, constituting harm to rights and potentially to communities if data misuse occurs. The involvement of AI in the chatbot and the direct link to realized harm (data exposure and privacy violation) qualifies this as an AI Incident rather than a hazard or complementary information. The article reports actual data security failures and risks, not just potential or future harm, and thus meets the criteria for an AI Incident.

The event involves an AI system (DeepSeek AI app) whose use has directly led to harm in terms of privacy violations and security vulnerabilities. The unencrypted transmission of sensitive data and hardcoded encryption keys expose users to potential data theft and unauthorized surveillance, constituting harm to individuals' privacy and potentially violating rights. The involvement of the AI system in collecting and transmitting this data makes this an AI Incident under the definitions provided, as harm to persons' privacy and security is occurring due to the AI system's use and design flaws.

The DeepSeek app is an AI system (an AI assistant app). The report highlights that its use involves insecure data transmission and weak encryption, which could directly lead to harm through interception or manipulation of data by attackers (e.g., man-in-the-middle attacks). Although no actual harm is reported as having occurred yet, the vulnerabilities present a credible risk of harm to users' privacy and data integrity. Therefore, this event qualifies as an AI Hazard because it plausibly could lead to an AI Incident involving harm to users' data and privacy if exploited.

The article explicitly involves an AI system (DeepSeek generative AI app) whose use has directly led to harm in the form of privacy violations and potential de-anonymization of users, which constitutes a breach of fundamental rights. The security flaws and unencrypted transmission of sensitive data are concrete harms, not just potential risks. Hence, this is an AI Incident rather than a hazard or complementary information.

The article explicitly identifies DeepSeek as an AI chatbot app with multiple security flaws that have already exposed users and organizations to significant privacy and security harms, including potential loss of sensitive data and surveillance risks. The AI system's insecure design and operation have directly led to these harms, and legislative actions are being taken in response. This meets the criteria for an AI Incident because the AI system's use has directly led to violations of data protection and privacy, which are harms to individuals and organizations. The presence of the AI system is clear, the harms are realized, and the legislative response underscores the severity of the incident.

DeepSeek is an AI system (a generative AI app) whose use has resulted in direct risks to user privacy and security due to poor encryption and data handling practices. The involvement of ByteDance-controlled servers and the potential for government access to user data further exacerbate the harm. These factors constitute violations of privacy rights and legal protections, qualifying as an AI Incident under the framework. The harm is realized or ongoing, not merely potential, as the app is actively collecting and transmitting data insecurely.

The event involves an AI system (DeepSeek chatbot) whose development and use have directly led to multiple harms: generation of harmful content via jailbreak attacks, exposure of sensitive user data due to insecure practices, and national security risks from data access by a foreign government. These harms fall under violations of rights and harm to communities and property (privacy and security). The article reports realized harms (e.g., bans, malicious attacks, data exposure), not just potential risks. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly involves an AI system (DeepSeek AI app and its AI model R1) and details vulnerabilities in its development and use that could lead to significant harms. Although no direct harm has yet occurred, the presence of weak encryption, data transmission to state-linked entities, keystroke tracking, and AI model jailbreak vulnerabilities create a credible risk of privacy violations, national security threats, and misuse of AI outputs. The researchers warn that attackers could exploit these weaknesses, and multiple governments have taken precautionary measures. Since the harms are plausible but not yet realized, the event fits the definition of an AI Hazard rather than an AI Incident. It is not merely complementary information because the focus is on the vulnerabilities and risks themselves, not on responses or updates to past incidents.

The event explicitly involves an AI system (DeepSeek AI app) whose use has directly led to harm: the insecure transmission of sensitive user data, including AI chat content, to servers in China without proper encryption. This results in privacy violations and exposes users to risks of data theft and profiling, which are harms to individuals' rights and security. The involvement of AI is clear as the app is an AI-powered mobile application. The harm is realized, not just potential, as the data is being sent insecurely and an unprotected database was found. Therefore, this qualifies as an AI Incident under the definitions provided, specifically under violations of rights and harm to communities (privacy and security).

The DeepSeek app is an AI system (a generative AI app) that collects and sends sensitive user data unencrypted to foreign servers, exposing users to privacy violations and potential misuse of their data. This is a direct harm to users' rights and privacy, fulfilling the criteria for an AI Incident. The involvement of AI is explicit, and the harm is realized, not just potential. Hence, the classification is AI Incident.