A bipartisan congressional bill has been proposed, which would prohibit the use of the Chinese artificial intelligence software, DeepSeek, on government devices.

The bill, introduced by United States Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL), has been proposed on the grounds of national security, citing concerns of espionage. 

Dave Gerry, CEO at Bugcrowd, comments, “Scrutiny of DeepSeek appears warranted given the likely connections back to the Chinese Communist Party (CCP), continued concerns around data privacy and leakage, and a recent security incident. Unsurprisingly, government and corporate leaders alike are looking at options to, at a minimum, temporarily remove access while additional reviews are done.”

Below, more security leaders share their thoughts on this proposed bill. 

Security leaders weigh in

Satyam Sinha, CEO and Co-Founder at Acuvity:

For the U.S. government, espionage is a daily challenge and exposing workers to GenAI services such as DeepSeek, which clearly state that data will reside in China and will be used to improve the models and services, is an obvious risk. The move to block the mobile application and website is clearly a recommended approach.

However, the issue at hand is much bigger than just DeepSeek. First, there are several other apps with similar origins and risks as DeepSeek — for example Qwen. Focusing on the trending GenAI service is just a stopgap. What we should be thinking about is the overall categories of risk. Second, GenAI services, regardless of their origin, are under constant cyberattack. And it only takes one successful attack for sensitive information such as login credentials to be stolen in mass.  

What I would like to see is for us to take a stronger stance on security of GenAI application usage across the board and start requiring an extra layer of cybersecurity. By moderating the information that is initially shared, we can reduce the risk associated with GenAI applications, whether those risks stem from intended design or cyberattacks.

J Stephen Kowski, Field CTO at SlashNext Email Security+:

While DeepSeek’s AI capabilities are impressive, security researchers have identified multiple vulnerabilities that could allow malicious actors — whether nation-states or cyber criminals — to exploit the application as a delivery mechanism for credential theft and data exfiltration. The discovery of hidden code capable of transmitting login credentials to China Mobile servers highlights how AI chatbots can become unwitting conduits for cyberattacks, which is particularly concerning given that millions of users have already downloaded and integrated these tools into their daily workflows. The rapid response by Australia, Italy, Taiwan and South Korea to implement bans demonstrates the seriousness of these security gaps, especially since advanced threat detection could have identified these concealed communication channels before they put sensitive data at risk. Modern organizations need real-time protection that can detect and block sophisticated technical threats hiding within seemingly innocent AI applications, regardless of their country of origin.

Casey Ellis, Founder at Bugcrowd:

This is as much about geopolitics and trust as it is about technical vulnerabilities. The ban is a defensive move in a much larger strategic competition. While it’s a step in the right direction, it also underscores the need for a proactive, rather than reactive, approach to securing U.S. technology and data.

This proposed ban on DeepSeek is a classic example of the intersection between cybersecurity, geopolitics and national security. The concerns raised by LaHood and Gottheimer about the app’s potential for espionage align with a broader pattern of scrutiny around Chinese-affiliated technologies. The underlying issue here isn’t just about DeepSeek itself but the broader risk posed by software and hardware tied to entities that operate under CCP influence.

From a cybersecurity perspective, the concern is valid. Apps like DeepSeek, particularly those with access to sensitive data or device-level permissions, can be weaponized for surveillance or data exfiltration. The U.S. government has been increasingly cautious about this, as seen with prior actions against companies like Huawei and TikTok. The fear isn’t just theoretical — there’s precedent for adversarial nation-states leveraging technology for espionage.

That said, this isn’t just a technical issue, it’s a trust issue. The challenge is that even if DeepSeek’s developers claim no affiliation with the CCP or no malicious intent, the opacity of Chinese corporate governance and the potential for state influence make it difficult to verify. This is why the U.S. government is erring on the side of caution.

The broader takeaway here is that this isn’t just about banning one app. It’s about recognizing the systemic risk posed by foreign-controlled technologies in critical environments. The U.S. needs to continue investing in its own tech ecosystem to reduce reliance on potentially compromised foreign solutions. At the same time, fostering collaboration with the global cybersecurity community — particularly ethical hackers and researchers — can help identify and mitigate these actual technical risks before they become crises.