South Korean National Intelligence Service Uncovers Multiple Security Issues in Chinese-Built AI Service

The National Intelligence Service (NIS) of South Korea recently conducted a comprehensive security inspection of DeepSeek, a generative AI service developed in China. The inspection identified several critical security concerns, including excessive personal data collection.

As DeepSeek’s use has increased in South Korea, the NIS took action to assess the service’s security. Their investigation revealed troubling issues such as collecting excessive personal data, using all user input as training data for the AI, unrestricted sharing of user information with advertisers, and storing this data on overseas servers.

On Sunday, the NIS said, “Unlike other generative AI services, DeepSeek collects personally identifiable information, including keyboard input patterns, and contains features that enable communication with servers operated by Chinese companies, potentially leading to the transmission of chat logs.”

The agency also highlighted, “There is no mechanism to block the use of user input data as training data, meaning all user information is being absorbed and used to train the AI system further.”

One major concern the NIS raises is that DeepSeek is designed to share user service data with advertisers without restrictions. The platform is also feared to store this data indefinitely since no retention period is specified in its terms of service.

According to DeepSeek’s terms, South Korean users’ personal information and input data are stored on servers in China. They can be provided to the Chinese government upon request, as Chinese law requires.

Inconsistent Responses Across Languages

While other generative AI services, such as OpenAI’s ChatGPT and CloverX, provide consistent answers regardless of the language used, DeepSeek has been found to give differing responses depending on whether the question is asked in English, Chinese, or another language.

For example, when asked in Korean about the legitimacy of the Northeast Project, DeepSeek responded, “There are differences due to historical interpretation discrepancies with neighboring countries.” However, when asked the same question in English or Chinese, the AI gave a completely different answer, calling it “a legitimate initiative to revitalize China’s northeastern region” and stating that it aligns with “Chinese interests.”

In another case, when asked in Chinese about the origin of kimchi, DeepSeek incorrectly stated, “The origin is not Korea, but China.” When asked about the Dragon Boat Festival, it provided an inaccurate answer, saying, “It is a traditional Chinese holiday.”

The NIS recently sent a notice to South Korean government agencies urging them to exercise caution when using generative AI services like DeepSeek for official work and emphasizing the importance of data security.

An NIS official confirmed that they would collaborate with relevant agencies to review DeepSeek’s technical safety thoroughly. If necessary, additional information will be shared with the public to ensure transparency and address concerns.