Disclosing confidential data at work is akin to physically distributing and surrendering sensitive documents.
In the ever-evolving world of artificial intelligence (AI), one particular tool has stirred up significant controversy – DeepSeek. The free AI application, with origins in China, has caused a major stir in the tech industry, prompting concerns over data sovereignty, security, and privacy.
The risks associated with DeepSeek are so high that a third (34%) of Chief Information Security Officers (CISOs) have banned the tool within their workplaces. These concerns are not unfounded; Cisco researchers have warned that DeepSeek R1 contains "critical security flaws" that leave it vulnerable to misuse by attackers.
The potential dangers of DeepSeek are not lost on the UK government. A majority of respondents in Absolute Security's report believe the UK government should play a more active role in protecting against these risks. In fact, 80% of UK CISOs and other security leaders demand urgent government regulation to mitigate risks such as IP theft, cyberattacks, and violations of data sovereignty.
The calls for regulation are not just coming from the UK. Countries such as Germany, South Korea, and Australia have cracked down on the use of DeepSeek within their regions. The US government is also reportedly considering a ban on DeepSeek.
In response, many organizations are taking matters into their own hands. HR and compliance teams could formalize government recommendations as company policy, potentially enforcing a ban on DeepSeek internally. Internal policies often formalize such bans to curb "shadow AI" usage.
However, the ban on DeepSeek does not mean a complete halt on AI adoption. Security experts recommend providing employees with a clear list of approved AI tools from trusted, data-governed providers (e.g., Microsoft, Google) for workplace use, to reduce unregulated use. Having the right talent is an absolute necessity for successful AI implementation.
The AI skills gap across all regions is a major issue, with CISOs allocating budgets to address this issue. Running internal challenges and competitions can encourage safe AI uptake among staff.
The broader regulatory landscape is also expanding. Data Protection Officers (DPOs) are tasked to conduct risk and impact assessments on AI tools, aligning GDPR and new AI Act requirements, especially for high-risk tools like DeepSeek. Specific regional AI workforce and governance frameworks are also expanding.
The movement for AI regulation is not just limited to tech leaders and government bodies. Unions have joined the movement, pushing for AI to be regulated in workplace contracts to protect workers' rights and prevent unfair use of AI for discipline or surveillance.
In summary, the prevailing approach is caution and controlled use. Many organizations restrict or ban DeepSeek due to data sovereignty and security risks, advocate for clear regulatory oversight, and encourage adoption of vetted AI tools with robust data protection measures until comprehensive governance frameworks mature. The DeepSeek bombshell has been a wakeup call for US tech giants, highlighting the need for strict regulation and transparency in the AI industry.
- Given the critical security flaws found in DeepSeek R1, many organizations strive to maintain robust cybersecurity infrastructure by banning the tool internally and advocating for the use of technology from trusted providers with strong data governance.
- As DeepSeek triggers calls for regulation and raises concerns about data sovereignty, security, and privacy, unions have joined the movement, advocating for the inclusion of AI regulation in workplace contracts to protect workers' rights and prevent unfair use.
