PETALING JAYA — Cybersecurity experts have called on Putrajaya to restrict or ban the use of China-developed artificial intelligence platform DeepSeek in government agencies handling sensitive data and critical operations.
They warn that allowing such tools in public-sector systems could pose serious risks to national security, data privacy and sovereignty.
Data breach and legal concerns
Sameer Kumar of Universiti Malaya said DeepSeek suffered a data breach early last year, with more than one million log entries and chat histories reportedly exposed in a publicly accessible database due to misconfiguration.
“In the case of DeepSeek’s 2025 breach, I believe such incidents result from inadequate encryption. For government users, this would mean even routine communications could be intercepted by third parties. This is a serious problem,” he said.
He also pointed out that DeepSeek had stored personal data in China without adequate safeguards, prompting regulators in Italy to block access to the platform over alleged violations of the EU’s General Data Protection Regulation (GDPR).
Sameer noted that under China’s National Intelligence Law — particularly Article 7, which requires organisations and citizens to cooperate with intelligence efforts — data processed within China could potentially be subject to state access.
However, he stopped short of supporting a total ban, suggesting instead that Malaysia impose strict compliance requirements applicable to all AI providers.
Sovereignty and compliance risks
Fong Choong Fook, founder of security firm LGMS, warned that civil servants might inadvertently input sensitive information into chatbots during routine use. Such data, he said, could be processed or stored offshore and used to further train AI models.
He cautioned that this may expose the government to sovereignty risks, data exfiltration, credential leaks and unauthorised access to official systems.
Fong recommended prohibiting DeepSeek’s use within national security agencies, law enforcement bodies and departments handling sensitive citizen information. Several countries, including Germany and Italy, have imposed blanket bans, while others such as Australia, India and the United States have restricted its use within parts of their public sectors.
He added that a blanket ban should only follow clear evidence of unacceptable risk, with risk-based restrictions being the more practical approach.
Call for national AI framework
DeepSeek, developed by Chinese researchers, gained attention as a potential rival to ChatGPT, particularly for its strength in Mandarin and other Asian languages.
Sameer stressed the need for Malaysia to establish a comprehensive National AI Governance Framework. Ideally, he said, AI-related data should be stored exclusively within Malaysia’s jurisdiction. Alternatively, sovereign encryption measures could be implemented, with encryption keys held solely by Malaysian authorities to prevent foreign access.
Both experts agreed that human error remains a major vulnerability, urging mandatory AI usage training for civil servants and thorough due diligence, including security testing of AI vendors, before allowing deployment in government systems.
-freemalaysiatoday
