DeepSeek and the AI arms race

Have we learned nothing from TikTok? Nadir Izrael at Armis discusses the unfolding AI arms race and the geopolitical uncertainty shaping cyber-warfare

 

We’ve seen this all before—it’s like we’re stuck in a time loop. When a new technology surges in popularity, excitement overshadows caution, and security risks are brushed aside. TikTok was dismissed as just another social app until its data privacy concerns became impossible to ignore.

 

Now, it’s DeepSeek. Much like TikTok before it, the Chinese-owned AI model is forcing organisations and governments to face hard truths about data privacy, national security and corporate risk.

 

While countries like Italy, South Korea, Australia and the U.S. have already banned access to government devices, cyber-criminals are already exploiting the AI’s vulnerabilities. They’re creating DeepSeek-related domains for phishing and malware distribution while exploiting the lack of regulation in data handling to further blur the lines between legitimate AI use and cyber-threats.

 

Therefore, the saying, “History repeats itself,” feels particularly apt. But with DeepSeek, the stakes are far higher. It’s a flashpoint in a growing AI arms race where the West and China are locked in an escalating battle for AI dominance. This time, the vulnerabilities extend to the very core of AI. The security flaws in models like DeepSeek mean that AI itself is becoming a source of systemic risk.

 

But it’s not too late - only if we act now. By understanding the risks they pose to society and organisations, we can curb these threats before they spiral out of control.

 

A deep dive into DeepSeek

Global tensions alone are balanced on a knife’s edge, with trade wars and geopolitical rivalries pushing the world into an increasingly fragile state. Within this context, AI has emerged as a critical battleground. Dominance in AI translates to strategic power across defence, intelligence and economic influence.

 

Mirroring TikTok’s trajectory, DeekSeek’s rapid adoption and popularity reveal similar vulnerabilities: a Chinese-owned platform with unchecked data access operating beyond regulatory and security controls while becoming deeply integrated into society. Yet, what if such platforms secretly log every query, manipulate results to subtly shape opinions or inject exploitable vulnerabilities into software projects?

 

Beyond its well-documented cyber-espionage operations and state-sponsored hacking units, it’s an increasingly probable scenario that China could weaponise AI companies and tools against the Western world. Leaked ClickHouse logs revealing data flow to China only fuel existing distrust, reinforcing fears that AI is being used for geopolitical advantage.

 

The difference between DeepSeek and TikTok is the scale and speed of AI’s evolution. It’s being weaponised at an unprecedented rate, making oversight increasingly difficult. The security vulnerabilities within DeepSeek, where it’s been trained on vast datasets of stolen passwords and security keys, are a stark example. Arming bad actors with exploitable secrets and access to sensitive data, AI has become a direct cyber-security threat, as evidenced by the 74% of IT leaders who reported experiencing an AI breach in 2024.

 

Western governments can’t keep up. Businesses and individuals are exposed to AI-driven threats in real time. Yet, AI development accelerates while guardrails are dismantled in pursuit of supremacy. This unregulated environment has allowed bad actors to profit from both sides of the AI arms race. They operate without restrictions, adopting any and all AI tools to bypass defences and exploit vulnerabilities at scale.

 

With slow government action, organisations cannot afford to ‘wait and see.’ After all, the AI arms race and the surge in AI-driven cyber-warfare won’t wait for policymakers to catch up.

 

Strengthening cyber-security in the age of AI

Unlike traditional conflicts, cyber-warfare knows no borders and demands no costly military input. While nations battle for AI supremacy, they’ve failed to realise that bad actors are already winning the race, with businesses and society paying the price. The systemic risk posed by AI vulnerabilities, as seen in DeepSeek’s compromised training data, highlights the urgent need for proactive defence.

 

Therefore, a fundamental shift in mindset is required. Reacting to threats after they’ve made an impact is no longer an acceptable strategy. Organisations must take a proactive stance. In this AI-driven world, AI-powered security is the only viable defence. To truly “fight fire with fire,” businesses must deploy AI-powered solutions that go beyond traditional, siloed security approaches. 

 

But before businesses can secure what they have, they must understand what’s in their environment. DeepSeek has served as a wake-up call, not just for its impact on global markets but also for what it represents: a rapidly evolving AI landscape where open-source accessibility collides with security concerns.

 

Yet, as AI models are increasingly embedded into mission-critical processes, this isn’t just an IT problem; it’s a fundamental security challenge that affects everyone.

 

Without understanding where DeepSeek resides in their digital ecosystems, businesses remain exposed to AI-driven threats and the risks of unmonitored technologies. The key is to gain full situational awareness, map all AI-related activity across networks and proactively secure critical assets.

 

AI may be a growing risk, but when harnessed correctly, it can also be the strongest defence. It’s here to support organisations in anticipating threats, monitoring the attack surface in real time and pre-empting vulnerabilities to stay ahead in an era where security and geopolitics are increasingly intertwined.

 

Put simply, in this high-stakes AI arms race, inaction is not an option. It’s not about being first and there’s certainly no consolation prizes. It’s about fortifying defences. Those that fail to do so will find themselves outpaced, outmanoeuvred and ultimately overtaken by cyber-threats.

 

The need for AI-driven cyber-security

DeepSeek should serve as a stark reminder. We cannot afford to repeat the security oversights of the past. These recent events highlight the need to balance progress with security to make sure innovation doesn’t come at the cost of resilience.  

 

Cyber-criminals are moving faster than policymakers, leaving organisations as the primary target. The choice, therefore, is clear: embrace AI-powered security or risk becoming collateral damage.

 

AI must be transformed from a liability into a strategic asset – securing digital ecosystems before any damage is done. This is not just about mitigating risks; it’s about building a future where AI protects rather than threatens. Before it is too late. 

 

---

 

Nadir Izrael is Co-Founder and CTO at Armis

 

Main image courtesy of iStockPhoto.com and Devrimb