Every few weeks a security lead asks us some version of the same question: should we be worried about DeepSeek?
Here's the honest answer: the question is usually late. In deployments we've run, DeepSeek shows up in network traffic at companies whose leadership had never heard of it. Employees don't wait for the security review. The model is genuinely good, the app is free, and "free and good" beats "pending approval" every single time.
So let's separate what's actually known from the noise.
What the privacy policy plainly says
DeepSeek is built by a company based in Hangzhou, China, and its own privacy policy states that user data is stored on servers in the People's Republic of China. That includes prompts. Whatever an employee pastes into the consumer app or website leaves your jurisdiction and lands under a different legal regime, one where the rules about government access to data held by domestic companies are not the rules your counsel planned around.
That's not speculation or geopolitics. It's the vendor describing its own product.
What regulators have already done
Italy's data protection authority blocked the app within weeks of its viral moment. Australia banned it from government devices. Taiwan did the same. South Korea pulled it from app stores for a period while it investigated data practices. Multiple US agencies and states prohibited it on official hardware.
You don't have to agree with every one of those decisions. But when that many regulators, with different politics and different legal systems, converge on the same call for government devices, "we'll allow it by default and see" is a strange position for a company handling client data.
The distinction that actually matters
Here's the nuance most coverage misses: DeepSeek's model weights are open. A company can host the model itself, on its own infrastructure, and none of the data residency concerns above apply. Self-hosted DeepSeek is a completely different risk conversation from the consumer app.
The problem is that your employees aren't self-hosting anything. They're typing into deepseek.com in a browser tab, on the free tier, possibly signed in with a personal account. When people ask "is DeepSeek safe," they're usually asking about the model. The real question is about the pipe, and the pipe goes to Hangzhou.
Why blocking it at the firewall won't save you
The reflex answer is to block the domain. Do that if your policy calls for it, but understand what it buys you: the traffic moves to phones, hotspots, and home networks, where you have zero visibility instead of some. A KPMG global study found 57% of employees already hide their AI use from their employer. Blocking without an approved alternative doesn't reduce usage. It reduces your knowledge of it.
The companies handling this well do three things:
- Measure first. Find out whether DeepSeek (and what else) is actually in your traffic before writing policy against hypotheticals.
- Give the good-fast-free crowd a sanctioned option. People paste into whatever's closest. Make the closest thing something you've reviewed.
- Enforce at the device, not the perimeter. The decision about a specific paste has to happen where the paste happens, before the bytes leave the laptop.
Find out in an afternoon
We run a free 7 day audit: Themisto on up to ten machines, and at the end you get the list of every AI tool your fleet actually talks to, DeepSeek included, with per-device attribution. One company we measured expected zero AI usage and logged 2,888 requests in five days. The report from that deployment is here, anonymized.
Whether DeepSeek is safe for your company is a decision you get to make. Whether it's already on your network is just a fact, and it's checkable.