Italy’s data protection authority, the Garante, has suspended Chinese AI firm DeepSeek’s operations within the country due to insufficient transparency regarding personal data handling. The decision came after DeepSeek’s inadequate response to inquiries about its data collection practices, storage locations, and training data sources.

The Chinese companies behind DeepSeek claimed non-operation in Italy and disputed the applicability of European legislation. This stance prompted an immediate service block and triggered an investigation by the watchdog.

Security Concerns and Vulnerabilities

Recent analysis by cybersecurity experts has revealed several critical vulnerabilities in DeepSeek’s systems:

– Susceptibility to jailbreak techniques including Crescendo and EvilBOT
– Potential for generating harmful content and malicious code
– Information leakage risks through Chain-of-Thought reasoning
– Possible unauthorized use of OpenAI data in their models

Similar AI Security Issues

The incident highlights broader AI security challenges across the industry:

– OpenAI’s ChatGPT-4 faced the “Time Bandit” vulnerability
– Alibaba’s Qwen 2.5-VL model showed security weaknesses
– GitHub’s Copilot revealed bypass vulnerabilities through simple prompt modifications

This development follows Italy’s previous temporary ban on OpenAI’s ChatGPT in 2023, which was lifted after the company addressed privacy concerns but resulted in a €15 million fine.

The case underscores growing regulatory scrutiny of AI services and the increasing importance of data privacy and security in artificial intelligence applications.