IGF Mauritius

Internet Governance Forum Mauritius

The Frontier Illusion: Rethinking DeepSeek’s AI Threat

Following the release of DeepSeek-V3 on December 26, 2024, Western nations, led by the United States, have found themselves caught between astonishment at China’s AI advancement and deep concerns over potential threats to privacy, safety, and national security. This tension has sparked a worldwide cascade of regulatory actions and outright bans against DeepSeek.
Australia, Taiwan, the Netherlands, Japan, and Canada have banned DeepSeek for use in government agencies and firms, while Italy and South Korea have imposed nationwide bans on its use and download. In the United States, the response has been equally decisive, with NASA and several state governments prohibiting their employees from using the platform. Washington state has gone further by drafting ban legislation, while federal lawmakers have introduced their own bill to restrict DeepSeek nationwide. As more nations scrutinize DeepSeek’s safety implications, this regulatory wave is likely to expand.
I argue that these trends suffer from what I call the “frontier illusion,” which encompasses two related phenomena: technological threat perception, where leading nations at the frontier overestimate the speed of competitors’ catch-up and perceive it as a threat, and technological leapfrogging, where they view latecomers as having achieved technological parity despite their continued lag in fundamental capabilities. In fact, the widely discussed security and privacy concerns surrounding DeepSeek may stem from the immaturity of their technology rather than inherent risks. The machine learning and reinforcement learning models developed by DeepSeek prioritize efficiency, making them a viable strategy for latecomers in AI development—but they do not represent an entirely novel approach that the U.S. or other nations cannot replicate.
This blog post stems from a fundamental skepticism about DeepSeek’s purported technological superiority over other frontier AI models. DeepSeek operates with just 150 junior researchers, most with only 2-3 years of experience, and utilizes a modest cluster of 2,048 NVIDIA H800 GPUs to achieve performance that reportedly matches or exceeds that of ChatGPT and Claude. However, as someone from South Korea—once a technological latecomer several decades ago—I knew firsthand that there’s no magical shortcut to catching up with industry leaders through minimal resources and workforce. The term “efficiency” isn’t a universal solution; it represents prioritization and focus, or more bluntly, sacrificing certain aspects to achieve primary objectives.
Most evidence of DeepSeek’s capabilities, including their technical reports, focuses solely on performance comparisons against other AI models. While these benchmarks may be accurate, performance is just one of many criteria in product evaluation. These reports notably lack comparative analyses of DeepSeek’s reliability, durability, and risk. In fact, multiple research findings indicate that DeepSeek falls short of competing AI systems in these crucial aspects.
A study conducted by Cisco and the University of Pennsylvania tested DeepSeek R1’s safety mechanisms using an automated jailbreaking algorithm. Jailbreaking refers to techniques used to bypass an AI model’s built-in safety restrictions or ‘guardrails’ that normally prevent it from engaging with harmful or unethical requests. The study tested this against 50 randomly selected prompts from HarmBench, a benchmark dataset containing 400 different potentially harmful behaviors across categories like cybercrime, false information, and illegal activities. The results showed DeepSeek R1 had a 100% ‘attack success rate’, meaning that every time the researchers requested harmful information, DeepSeek R1 failed to identify any of these harmful requests, providing the requested information 100% of the time. This complete lack of effective safety filtering stands in stark contrast to other leading models like OpenAI’s o1, which successfully identified and refused to comply with such harmful requests even when faced with jailbreaking attempts.
Source: Cisco
Further tests revealed DeepSeek R1’s troubling ability to generate malicious scripts and code snippets at critical levels. Similarly, another evaluation found that the model exhibited a 68% failure rate in toxic content generation tests, readily producing harmful or inappropriate language when prompted. I attributed these weaknesses to DeepSeek’s cost-efficient training methods, particularly its approach to reinforcement learning and chain-of-thought self-evaluation. These findings strongly suggest that DeepSeek’s emphasis on rapid development and cost-cutting has compromised its risk mitigation mechanisms.
The challenges extend beyond security concerns to the model’s fundamental reliability. Multiple studies have documented significantly higher hallucination rates in DeepSeek R1 compared to its competitors. A study by Vectara revealed that DeepSeek R1 exhibited a hallucination rate of 14.3%, nearly four times higher than its predecessor, DeepSeek V3 (3.9%). The Register conducted a reliability test for DeepSeek R1’s coherence and self-awareness and identified that the model exhibits clear AI hallucination issues. For example, when the model was asked about its guidelines, it incorrectly claimed, ‘My guidelines are set by OpenAI,’ and when asked about its name, it stated ‘My official name is Claude, created by Anthropic.’ Both claims were entirely false, indicating that DeepSeek R1 not only misidentifies itself but does so inconsistently, further highlighting its reliability issues.

Source: Semafor
These reliability issues were further evident in practical applications, such as chess gameplay testing. DeepSeek R1 exhibited a higher frequency of mistakes and protocol violations compared to OpenAI’s models. It struggled to follow instructions consistently and displayed an unusual tendency to randomly fall out of the game loop. Additionally, the model frequently misused advanced vocabulary and performed inconsistently on tasks without a clear ground truth, raising further concerns about its suitability for real-world applications.
DeepSeek’s security and reliability issues suggest that it still falls short of competing AI models in overall capabilities. This disparity is, in fact, quite natural—latecomers invariably pursue more cost-effective and rapid technological development to catch up with industry leaders, often at the sacrifice of other crucial aspects to secure basic performance metrics.
A useful analogy is the automotive industry. New entrants often emphasize affordability, horsepower, and design to compete with established players, while reliability and safety take longer to refine. Similarly, DeepSeek’s development approach does not signify a groundbreaking advancement in machine learning but rather a strategic adaptation to enter the AI market differently from dominant U.S. firms.
Therefore, the heightened vigilance from the United States and its allies toward DeepSeek may stem from an overestimation of its immediate threat. Before implementing regulatory measures, these nations should take a more measured approach to assess whether DeepSeek truly poses a risk to their market position and, if so, carefully evaluate the timeline of such competitive pressure. A more deliberate and analytical approach would better serve the industry than reactive regulatory responses.
Of course, DeepSeek is not without its own challenges—most notably, privacy concerns. Some view the U.S. and its allies’ restrictions on DeepSeek solely through the lens of geopolitical rivalry, comparing it to the crackdown on TikTok. However, it is premature to frame the issue solely as a measure against China. Unlike TikTok, the primary reason for DeepSeek’s restrictions in many countries lies in its failure to comply with domestic data protection laws.
For instance, in South Korea, DeepSeek was banned due to violations of the Personal Information Protection Act—an existing law, not a newly established one, that requires platform companies to obtain explicit user consent before sharing personal data with third parties. This law also ensures that South Korean users are notified about how their data may be shared and used, allowing them to either consent or at least be aware of such practices, which serve as a baseline privacy requirement to protect their right to know. Specifically, the South Korean Personal Information Commission announced that a government agency had detected DeepSeek transmitting South Korean users’ data to ByteDance, the Beijing-based company that also owns TikTok, without informing its users in South Korea. However, despite collecting user data—something all platform companies do—DeepSeek failed to disclose this in its terms of service, resulting in its service being banned in South Korea until the issue is rectified.
This is a crucial difference with TikTok because, unlike DeepSeek, TikTok generally met privacy law requirements in most countries and showed efforts to enhance its user privacy policy until the U.S. ban. This compliance allowed TikTok to continue operating in other regions. Even in the U.S., banning TikTok required new legislation and a prolonged legal battle. By contrast, as you can see in South Korea’s case, DeepSeek has yet to meet even the baseline privacy requirements that other Chinese tech firms have adjusted to in international markets. Just as cars must meet legal safety standards before entering foreign markets, AI models must comply with fundamental privacy regulations. If DeepSeek fails to do so, its ability to compete internationally will remain severely limited. Whether this results from its rushed development or deeper political concerns remains unclear. Regardless, this shortfall provides legitimate grounds for regulatory scrutiny and will likely hinder its global expansion. More critically, it undermines prospects for constructive competition and collaboration with AI industries in the U.S. and allied nations.
The post The Frontier Illusion: Rethinking DeepSeek’s AI Threat appeared first on Internet Governance Project.
Source: Internet Governance Forum