A comprehensive US government study has designated DeepSeek’s AI models as a national security threat, marking the first official assessment to classify Chinese AI systems as “hostile artificial intelligence.” The National Institute of Standards and Technology report, published October 1st, determined that DeepSeek models demonstrate dangerous vulnerability to cyberattacks while embedding Chinese Communist Party narratives throughout their outputs.

NIST’s Center for AI Standards and Innovation examination found DeepSeek’s most secured model responded to 94% of malicious requests during jailbreak attacks, compared to just 8% for American reference models. The Chinese AI company’s systems proved 12 times more susceptible to agent hijacking attacks, with compromised agents sending phishing emails, downloading malware, and stealing user credentials in simulated environments.

Security Deficiencies Expose Critical Weaknesses

The CAISI evaluation tested three DeepSeek models against leading American systems including OpenAI’s GPT-5 and Anthropic’s Opus 4 across 19 criteria spanning security, performance, and protection. DeepSeek models consistently underperformed relative to US counterparts, particularly in cybersecurity and software development tasks.

Beyond technical shortcomings, the study revealed DeepSeek systems repeat Chinese Communist Party narratives four times more frequently than American models, raising concerns about embedded political bias and censorship. Commerce Secretary Howard Lutnick emphasized these findings demonstrate why “relying on foreign AI is dangerous and short-sighted.”

Despite security problems, DeepSeek downloads surged nearly 1000% since January 2025 thanks to the company’s open approach allowing users to run models locally without API costs. Rapid proliferation of potentially vulnerable systems has amplified national security concerns among government agencies.

Broader Implications for AI Competition

The NIST report represents a turning point in escalating US-China technological rivalry, officially designating Chinese artificial intelligence as a national security threat under President Trump’s AI Action Plan. This assessment provides competitive advantages to American companies like OpenAI and Anthropic while raising questions about safety in open AI system development.

The study showed American models generally outperform DeepSeek by 20-80%, with operational costs running approximately 35% lower. However, critics note the evaluation excluded DeepSeek’s new V3.2 version released this week, which features substantial price reductions and performance improvements.

The report’s timing amid intensifying geopolitical tensions suggests AI development is increasingly viewed through national security lenses, potentially accelerating fragmentation of global AI supply chains and strengthening preferences for domestic technologies in critical sectors.

Technical Vulnerabilities Create Deployment Risks

The specific vulnerabilities identified in DeepSeek systems matter because they’re not theoretical concerns—they represent exploitable weaknesses in models already seeing widespread adoption. The 94% jailbreak success rate means attackers can bypass safety guardrails and force the system to generate harmful content with relative ease. For context, achieving a 94% success rate against most security systems would be considered a complete failure of protective measures.

Agent hijacking vulnerabilities prove even more concerning for enterprise deployments. Organizations increasingly deploy AI agents with elevated permissions to automate workflows, access sensitive data, and interact with external systems. A compromised agent operating with those permissions could exfiltrate proprietary information, manipulate internal systems, or launch attacks against connected infrastructure—exactly the scenarios NIST testing simulated.

The embedded political narratives identified in the assessment create different risks. While obvious propaganda might be easy to spot, subtle bias in how systems frame issues, what information they prioritize, or which perspectives they validate can shape user understanding without triggering conscious skepticism. When AI systems become trusted information sources, embedded biases gain outsized influence.

Market Dynamics vs Security Considerations

DeepSeek’s 1000% download growth despite these security findings reveals tension between market appeal and safety considerations. The ability to run capable models locally without ongoing API costs represents genuine value for developers and researchers. Open-weight approaches enable experimentation, customization, and deployment in environments where cloud API access isn’t feasible or desirable.

This creates a dilemma: the same openness that makes DeepSeek attractive also makes it vulnerable. Closed commercial models can implement server-side safety measures that can’t be bypassed by users. Open-weight models place complete control—including ability to remove safety features—in users’ hands. Neither approach is inherently superior, but they involve different trade-offs between capability, security, and control.

The exclusion of DeepSeek V3.2 from NIST testing represents a legitimate methodology question. Evaluations necessarily lag behind rapidly evolving technology, but assessing older versions while newer ones exist risks drawing conclusions that don’t reflect current capabilities. Whether V3.2 addresses the vulnerabilities found in earlier versions remains unclear, though the report’s findings likely still apply to the hundreds of thousands of V3 deployments already in production.

American model performance advantages of 20-80% across tested criteria, combined with 35% lower operational costs, would normally make competitive positioning straightforward. But geopolitical considerations now override purely technical or economic factors in many deployment decisions. Government agencies and critical infrastructure operators face pressure to avoid foreign AI systems regardless of performance metrics.

The report frames AI development as a national security competition rather than a collaborative technological advancement. This framing has consequences—it accelerates bifurcation of AI ecosystems along geopolitical lines, reduces international collaboration on safety research, and potentially slows progress by fragmenting efforts and limiting cross-pollination of ideas.

Whether DeepSeek’s vulnerabilities reflect intentional backdoors, insufficient security investment, or inherent challenges in open model development remains debatable. The NIST report doesn’t claim deliberate malice, but in national security contexts, distinguishing between incompetence and intent becomes less important than addressing exploitable weaknesses regardless of their origin.

Organizations evaluating AI systems now face additional complexity beyond technical capabilities—they must weigh security vulnerabilities, geopolitical considerations, regulatory pressures, and potential future restrictions on foreign AI usage. The NIST assessment transforms these considerations from abstract concerns into documented risks with official government backing, shifting calculation for many potential DeepSeek adopters.