What is DeepSeek? A full breakdown of the disruptive open-source LLM

Founded in 2023 by Liang Wenfeng, DeepSeek is a China-based AI company that develops high-performance large language models (LLMs). Developers created it as an open-source alternative to models from U.S. tech giants like OpenAI, Meta and Anthropic.

In January 2025, DeepSeek LLM gained international attention after releasing two open-source models — DeepSeek V3 and DeepSeek R1 — that rival the capabilities of some of the world’s leading proprietary LLMs.

DeepSeek V3

DeepSeek V3 uses a mixture-of-experts (MoE) architecture, loading only the required “experts” to answer prompts. It also incorporates multi-head latent attention (MLA), a memory-optimized technique for faster inference and training.

DeepSeek R1

DeepSeek R1 builds on V3 with multitoken prediction (MTP), allowing it to generate more than one token at a time. It also uses a chain-of-thought (CoT) reasoning method, which makes its decision-making process more transparent to users.

*Both models are available in various sizes, from 1.5 billion to 671 billion parameters. This makes them deployable on everything from personal laptops to enterprise-grade GPU clusters.

Benchmark results show DeepSeek R1 performing at or near the level of OpenAI’s o1 and Meta’s Llama 3, despite requiring significantly less training infrastructure. 

Unlike OpenAI’s frontier models, DeepSeek’s fully open-source models have fueled developer interest and community experimentation.

Developers are using DeepSeek for a wide range of purposes, including:

• Multilingual customer service chatbots
• Document summarization
• Natural language code generation
• Academic tutoring and test prep
• Rapid prototyping of AI tools

However, its open-source nature and weak guardrails make it a potential tool for malicious activity, like malware generation, keylogging or ransomware experimentation.

Anyone can download and run DeepSeek locally from public repositories. The full R1 model (671B) requires enterprise-grade GPU clusters, but distilled versions (1.5B to 70B parameters) run on consumer-grade hardware.

DeepSeek is also accessible via:

• Web interface
• Mobile apps on iOS and Android
• API integrations (in development)

DeepSeek represents a new chapter in AI: high-performing, openly available and increasingly under regulatory scrutiny. 

While the technology offers impressive capabilities, its permissive design raises concerns about:

• Privacy and surveillance
• Security guardrails
• Content filtering and bias
• Use by sanctioned or state-affiliated actors

Governments are responding with AI regulations. As of February 2025, DeepSeek is banned or under review in:

• U.S. federal agencies (Pentagon, Congress, DISA, NASA)
  • U.S. states: Texas, New York, Virginia
• Italy
• South Korea
• Taiwan
• Australia

DeepSeek’s roadmap includes:

• Expanding its developer ecosystem
• Refining CoT’s reasoning capabilities
• Improving jailbreak resistance
• Launching paid cloud services with premium APIs

But with growing scrutiny from public agencies and private-sector security researchers, its trajectory will depend on how well it balances openness with responsible AI development.

Tenable Research has identified four major areas of concern when using DeepSeek:

• Data privacy: User data is stored on servers in China and falls outside GDPR and similar protections.
• Third-party tracking: Baidu powers DeepSeek’s web analytics, and reportedly shares network/device data with ByteDance.
• Security gaps: Weak guardrails make the model susceptible to jailbreaks and abuse.
• Censorship and bias: Tests show a high rate of censorship and systemic bias.

“Should I be concerned about DeepSeek at work?” Many pondered this question after DeepSeek made national news.

The reality is, the rise of DeepSeek AI introduces both opportunity and risk for your organization. While the open-source nature of DeepSeek’s models can accelerate experimentation and innovation, it also opens the door to significant security, compliance and privacy concerns.

Key DeepSeek risks to monitor

• Shadow AI usage: Employees may use DeepSeek chat apps, browser extensions, or locally hosted models without IT approval, creating blind spots for data handling and acceptable use.
• Data exfiltration: DeepSeek’s mobile and web apps collect user input and behavioral data, which is transmitted to overseas servers and outside most Western regulatory frameworks.
• Weak guardrails: DeepSeek’s jailbreak resistance is minimal, making it easier to generate prohibited or malicious outputs. Organizations that misuse it internally risk reputational or legal exposure.
• Policy misalignment: Without visibility, you may be unable to enforce acceptable use policies, export control guidelines or internal governance rules for LLM usage.

What next steps should I take to decrease DeepSeek risk?

• Monitor for DeepSeek activity using Tenable’s AI Aware detection plugins.
• Update your LLM usage policies to explicitly address open-source models and unauthorized AI tools.
• Educate users on the risks of using non-vetted models and tools, especially for regulated or sensitive data.
• Deploy detection and response controls that extend beyond cloud assets to include AI model usage, browser extensions and endpoint interactions.

DeepSeek represents a shift in how AI models are developed and distributed. Organizations that take a proactive stance — by assessing exposure and enforcing policy — are best positioned to benefit from emerging tools while staying secure and compliant.

AI Aware for DeepSeek Detection

Tenable’s AI Aware solution can help you find and monitor unauthorized use of tools like DeepSeek across your environment.

AI Aware includes custom plugins to:

• Detect known DeepSeek executables and browser plugins
• Identify in-use DeepSeek APIs or model variants
• Monitor network communications with DeepSeek infrastructure
• Active plugins include:
  • Plugin 196906
  • Plugin 701497
  • Plugin 701498

These detections are part of Tenable Vulnerability Management and Tenable Enclave Security, helping security teams apply policies to emerging AI risks.

Learn more about AI Aware.

What is DeepSeek?

DeepSeek is a Chinese open-source large language model (LLM) company founded in 2023. It released DeepSeek V3 and R1 in 2025.

Is DeepSeek safe to use?

DeepSeek is associated with privacy risks, especially for data hosted on Chinese servers. Running DeepSeek locally may be safer than using its website or mobile apps. 

What’s different about DeepSeek R1?

R1 uses a unique chain-of-thought reasoning system and multi-token prediction and matches performance with top models like OpenAI o1 while remaining open source.

Has DeepSeek been banned anywhere?

Yes. Several countries and U.S. agencies have banned or restricted DeepSeek over privacy and security concerns.

How does Tenable detect DeepSeek?

Tenable uses AI Aware plugins to monitor DeepSeek-related usage, identify vulnerabilities and align with organizational security policy.

DeepSeek is a breakthrough in open-source AI, but not without risk. Its models rival top U.S. offerings, yet privacy, bias and security are serious concerns. Tenable can help your organization address these risks with proactive detection, policy enforcement and real-world testing of LLM behavior — so your team can innovate securely.

Want to learn more about DeepSeek? Read more “Frequently asked questions about DeepSeek large language model (LLM).”