TikTok and DeepSeek: Costs of Convenience + Why Cybersecurity Comes First
Introduction
2025 has started with major shifts for users of Chinese-owned tech platforms. In January, the U.S. government issued a nationwide ban of TikTok over data privacy and foreign influence concerns, prompting a 194% increase in U.S. downloads of Xiaohongshu (RedNote), a similar Chinese-owned app. Days later, TikTok resumed service after President Trump moved to reverse the ban. Now, the industry is buzzing about DeepSeek, a Chinese open-source AI chatbot rivaling OpenAI’s ChatGPT with a fraction of the resources. DeepSeek’s security risks have led several countries and 3 US states to ban it, while cyber threat researchers scramble to expose DeepSeek’s vulnerabilities.
Are these platforms truly a security threat, or is this all driven by geopolitics and foreign policy? Today, we will shed light on TikTok, RedNote, and DeepSeek by analyzing their impact on global cybersecurity and answering the fundamental question: should these apps be banned?
TikTok’s Ties & Why They Matter
TikTok has revolutionized social media, enabling creators to reach global audiences with ease. Its algorithm surfaces engaging content, creating an accessible ecosystem and revenue stream for businesses and influencers. When TikTok was banned, millions scrambled for alternatives such as RedNote and Lemon8.
So why the nationwide panic? The issue isn’t the app—it’s who owns it. TikTok, RedNote, and Lemon8 are owned by Chinese companies, meaning they fall under China’s National Intelligence Law, which compels companies to share data with the government. And as China is leading the charge in terms of state-sponsored cyber espionage, there is legitimate concern that the Chinese government could exploit TikTok user data for surveillance, influence campaigns, or economic theft. TikTok has already come under international scrutiny for surveilling journalists.
This highlights a key distinction—while other social media companies collect similar data, they are not headquartered in jurisdictions where governments can easily access it. TikTok remains the only leading app owned by a foreign adversary with a history of state-backed cyber theft.
DeepSeek’s AI Capabilities: A Double-Edged Sword
In recent weeks, technologists have debated another controversial Chinese-owned AI product—DeepSeek. Along with Qwen, it operates similarly to OpenAI’s ChatGPT and Google’s Gemini, leveraging large language models (LLMs) to simulate human problem-solving. DeepSeek reportedly delivers top-tier AI performance while using fewer resources and less memory than competitors.
While DeepSeek’s work is impressive, this new platform poses significant cybersecurity risks. Security analysts have observed threat actors using DeepSeek and Qwen to create malicious content, manipulate AI security, and develop malware. Researchers at NowSecure also discovered that DeepSeek’s mobile apps transmit unencrypted user data to Chinese servers, exposing it to risks of interception and misuse.
Additionally, recent research published by Palo Alto Networks highlights DeepSeek’s susceptibility to different jailbreaking techniques that bypass safety measures. Specifically, the team at Palo Alto identified 3 methods to circumvent content restrictions. These vulnerabilities could lower barriers cybercriminals to exfiltrate data, create keyloggers, and construct incendiary devices.
Chinese AI developments often lack scrutiny, making their risks harder to assess. There is already documented evidence of Chinese state-sponsored cybercriminals utilizing AI in their operations, and DeepSeek’s capabilities could amplify these efforts. Concerns persist that China’s AI models could fuel disinformation, deepfakes, and cyber espionage. Additionally, the Chinese government’s influence over AI raises concerns about bias, censorship, and data security.
Protecting Privacy in a Digital World Under Siege
Technological advancement often outpaces regulation, leaving cybersecurity risks unaddressed for years. TikTok launched internationally in 2017, and despite repeated warnings from intelligence agencies, the U.S. government only recently took serious steps to restrict Chinese technology. This delay is dangerous for national security.
TikTok has created economic opportunities for millions, DeepSeek has advanced AI with limited resources, and Chinese tech companies have contributed to global innovation. However, cybersecurity risks cannot be ignored. Chinese state-sponsored hackers are breaching global infrastructure at an unprecedented rate, exploiting the world’s government systems, intellectual property, and telecommunications networks. Last year, Chinese-backed cyber espionage activities surged by 150%, underscoring the aggressive nature of these threats. Governments should respond by enforcing cybersecurity standards, strengthening data protection laws, and investing in domestic technology alternatives.
This challenge extends beyond any one country’s technology – it is about building a secure, transparent digital ecosystem that protects users worldwide. Given the overwhelming evidence of Chinese state-sponsored exploitation of global technological sovereignty, addressing risks tied to companies bound by Chinese legal obligations is crucial. Users will still have platforms to express themselves, grow businesses, and connect with others – without placing sensitive data in an adversarial jurisdiction. While making safer online decisions may feel restrictive, prioritizing convenience and entertainment over security is not an option. The global community to take cybersecurity seriously – ignoring these risks today means paying a far greater price tomorrow.
Approved for Public Release; Distribution Unlimited 24-03572-1. ©2025 The MITRE Corporation. ALL RIGHTS RESERVED.