Warning: DeepSeek products pose a risk to university environments

Masaryk University's cybersecurity team warns of the risks associated with using DeepSeek's AI tools. Based on the warning NÚKIB, we do not recommend using DeepSeek's products - either for work or personal use. Entering information into language models (e.g., AI chatbot) can seriously compromise data in a university environment.

15 Jul 2025 Warnings

What's going on?

The NÚKIB warning is precautionary in nature - it highlights the long-term risks associated with DeepSeek products, not a specific incident. Below you will find a summary of the key findings, see the official warning for details [1].

Legislation: DeepSeek products are subject to Chinese laws that require companies to cooperate with state authorities (the Chinese government and the Chinese Communist Party), including intelligence agencies.
Data Collection: DeepSeek collects all content entered by the user, as well as information about the user and the device used to access the service — such as region, time zone, language, operating system, device model, and other technical parameters.
Data storage: information is sent to servers in China, DeepSeek does not specify how long it is stored or whether it is deleted. According to the available information, it is transferred to the servers of Huawei and China Mobile, which are sanctioned by the Czech Republic's partners [2].
Technical vulnerabilities: the DeepSeek mobile app for iOS and Android - uses weak encryption, disables security features, sends data unencrypted and allows fingerprinting. All of this increases the risk of tracking, tampering, or misuse of information.

Fingerprinting is the detailed tracking of technical parameters of a device (e.g. phone model, system version, language, time zone) that can lead to the unambiguous identification of a specific user.

Notice

The NÚKIB warning does not apply to DeepSeek's open-source language models when they are run purely locally without the ability to communicate with the company's servers. In practice, however, even a local model can send HTTP requests and thus pose a risk of data leakage unless its external communication is actively blocked (e.g. by network rules or DNS filters).

These concerns are not just theoretical...

DeepSeek and security? The problem is recurring. In January 2025, DeepSeek faced an attack in which attackers gained access to millions of user records. This included their conversation history, access data, API keys, etc. The company suspended new registrations, but it soon became clear that the data was freely available on the Internet, without any security [3].

In late May 2025, the Czech government officially named China as responsible for the cyber espionage campaign against the Ministry of Foreign Affairs.The attackers were found to have gained access to thousands of emails, including those from the Czech EU presidency. This clearly shows how real and current the threat from Chinese state structures can be - and why the use of tools subject to their influence is a major security risk [4].

What to do?

Not only for the reasons given above, we stress that it is preferable to avoid their use. It is important to be aware of the consequences and we therefore give some specific situations that may arise when using them:

Unintended disclosure of sensitive information: a user inserts a non-public internal strategy into DeepSeek with the goal of summarizing it. Due to weak security, the content is stored on insecure servers and made available to third parties.
Loss of control over access credentials: a developer tests the API and enters access tokens into a prompt - this data can be stored, sent to servers in China, and potentially misused.
Risk of breach of confidentiality and regulations: a manager asks DeepSeek to translate a document containing personal data - the information is stored on servers outside the EU, with no guarantee of deletion or the prospect of misuse for an attack.
Employee profiling: DeepSeek collects technical data about the device, user behavior and query content. For employees in strategic positions, this can lead to de-anonymisation and targeted tracking.

Conclusion

The combination of Chinese legislation, data collection and transmission, and technical vulnerabilities point to a high level of risk. Links to sanctioned entities are another problem. Instead, Microsoft Copilot can be used, which is available to all MU employees and students under their M365 account [5] (data processing is contracted in this case).

You can always find everything important about cybersecurity at Masaryk University at https://security.muni.cz/en.