The Industry Speaks: Aussie government DeepSeek ban

Banning access to the DeepSeek website and mobile applications is straightforward. However, because the DeepSeek LLM itself is open-source, blocking access to it is less straightforward, as it can be run locally on a device, it can be run through a cloud environment, and installed via various apps or frameworks like ollama. It requires some extra legwork for users to set up, but it can be done.

The local LLMs don’t require access to external servers, minimising the risk of leaking sensitive data. However, banning DeepSeek’s website and apps on government devices is one barrier, because they are still accessible on personal devices, which could be used to share sensitive information. Another concerning aspect of DeepSeek is not just the exposure of sensitive information, but rather the model’s lack of safety features, as it could be used for harmful or nefarious purposes.

Sarah Sloan
Head of Government Affairs and Public Policy, Australia New Zealand and Indonesia at Palo Alto Networks

Palo Alto Networks welcomes the Australian Government’s continued focus on safeguarding Australia’s digital ecosystem and ensuring strong protections against evolving cyber threats. The issuance of Direction 001-2025 is a critical step in strengthening Australia’s cyber resilience, building on previous government directions such as the ban on TikTok from government devices and the requirement to manage foreign ownership, control, and influence risks in technology assets.

VIEW ALL

The risks associated with platforms like DeepSeek cannot be ignored – China’s national security laws compel companies to provide state access to data, raising concerns about the security of sensitive conversations and information.

This directive reinforces the broader need for vigilance across both public and private sectors, particularly the importance of using secure technology assets. Organisations must adopt a proactive approach to managing technology supply chains – partnering with trusted vendors, ensuring due diligence at procurement, and maintaining real-time visibility over technology assets. Robust risk mitigation strategies are essential to defending against unauthorised access and foreign interference, ensuring Australia’s long-term digital security.

Andrew Grealy
Head of Armis Labs

The AI arms race, especially between major players like DeepSeek, Alibaba, ByteDance, and their U.S. counterparts, is a double-edged sword. On one hand, rapid advancements drive innovation, increase accessibility, and push the boundaries of AI capabilities. On the other, the intense competition often prioritises speed over security, governance, and long-term sustainability.

For companies and consumers, the allure of cutting-edge AI models – especially open-source ones – comes with significant trade-offs. Open-source models provide transparency and adaptability but also introduce security risks, such as data leakage, adversarial manipulation, and lack of robust safeguards against misuse. Without rigorous security vetting, organisations leveraging these models may find themselves in a precarious position, exposing sensitive data or enabling unintended consequences.

The race for the “fastest AI gunslinger” also raises concerns about responsible AI development. If the focus is purely on performance benchmarks and model size, rather than safety, reliability, and ethical considerations, we risk a scenario where AI is deployed recklessly. The rush to dominate the AI landscape may ultimately force companies into a Faustian bargain – trading long-term trust and security for short-term competitive advantage.

In short, while competition fuels progress, responsible AI development should not take a backseat to the speed of innovation. Organisations should weigh the risks carefully before adopting new models and push for more robust security, compliance, and ethical AI standards across the industry. The reality is that it is going to be Faustian bargain-trading as no vendor is willing to hold back. It's company versus company, country versus country. This is now geopolitical.

Artificial generaI intelligence (AGI) is one of the biggest table stakes in the world. This is the land of trillionaires, the definition of capitalism – you build AGI, and from that moment on, you don’t build anything again. The AGI keeps refining itself, accelerating its own intelligence until we reach Artificial superintelligence (ASI). Imagine AGI cracking nuclear fusion, curing cancer, and unlocking solutions that would instantly create billionaires. This arms race has everything to lose and everything to win.

But then consider a company pushing AI forward, offering incredible capabilities for free, yet lots of dangers below the surface. If there’s a lesson from DeepSeek’s triumph, money alone doesn’t foster breakthroughs – it creates an illusion of progress while the real game changers, constrained by resources, are forced to think differently. And history has shown time and time again: those who are forced to be creative, to work within limits, are the ones who ultimately win. Innovation is more than spending.

70 per cent of companies are already blocking DeepSeek, but threat actors are moving just as quickly, spinning up DeepSeek-related domains to bypass these restrictions and exploit unsuspecting users. These domains aren’t just being used for circumvention – they’re becoming tools for compromise, targeting organisations and their customers alike. Adding to the concern, all DeepSeek requests were found in unprotected ClickHouse logs and data sent to China, raising major data sovereignty and security questions. Given the geopolitical implications, it’s only a matter of time before we see broader bans, much like TikTok, extending to lots of Chinese AI services.

So yeah, grab your popcorn… but maybe also a helmet. This ride is going to be wild.

Dr Dana Mckay
Senior Lecturer in Innovative Interactive Technologies at RMIT University’s School of Computing Technologies

The reason Chinese-made and -owned tools are being banned is that the data they collect is available to the Chinese government not just when a crime has been committed, but also for economic or social reasons.

DeepSeek even collects keystroke patterns, which can be used to identify individuals, potentially allowing them to match in-work searches with leisure time searches, potentially leading to national security risks.

It is fair to ask whether DeepSeek is more dangerous to Australian national security than, say, OpenAI which collects similar data: the difference is that OpenAI will only give data to government to comply with relevant laws, and this typically means where a crime may have been committed.

Whether governments should be concerned about the level of data collected by commercial companies, such as OpenAI and Google, is still a significant question, but one that is separate to the national security concerns raised by China's data sovereignty laws.