Chinese AI startup DeepSeek said it was hit by a cyberattack, prompting the company to restrict user registrations and manage website outages as demand for its AI assistant soared.
According to the company’s status page, DeepSeek has been investigating the issue since late evening Beijing time on Monday.
“Due to large-scale malicious attacks on DeepSeek’s services, registration may be busy. Please wait and try again. Registered users can log in normally,” the company said on the site by Tuesday morning.
The outages were the company’s longest in nearly three months and coincided with the AI assistant becoming the top-rated free app on Apple’s US App Store.
DeepSeek’s rise to prominence comes after the January 10 launch of its AI assistant, powered by the DeepSeek-V3 model, which its creators claim rivals the most advanced closed-source models globally.
The startup’s offering has drawn significant attention due to its efficiency, requiring less data and costing a fraction of the investment needed for competing AI solutions.
Despite its modest origins in Hangzhou and a reported training cost of under $6 million using Nvidia’s H800 chips, DeepSeek’s success has prompted questions about the effectiveness of US export controls aimed at limiting China’s access to advanced AI hardware.
The Biden administration has expanded restrictions on such technology since 2021 to curb China’s AI advancements.
DeepSeek is the first Chinese AI model to receive widespread praise from Silicon Valley, challenging long-held assumptions about US dominance in AI innovation. Its sudden ascent has also triggered scrutiny of AI development costs, chip dependency, and global cybersecurity practices.
AI and security concerns
While the exact nature of the cyberattack remains unclear, analysts say the incident highlights the growing cybersecurity challenges AI startups face as they scale rapidly, particularly in a landscape shaped by rising geopolitical tensions and fierce global competition.
“The cybersecurity threat landscape is ever-evolving, with increasingly sophisticated AI-powered attacks posing significant risks,” said Prabhu Ram, VP of the industry research group at Cybermedia Research. “By adopting an always-on security posture – including proactive measures, regular audits, employee training, and advanced threat detection tools – enterprises can effectively mitigate these challenges.”
The cyberattack underscores that DeepSeek, despite its rapid rise to rival established players like Google, remains a startup navigating the challenges of the fast-paced AI industry. Startups often prioritize innovation and speed, but this growth comes with significant risks.
“Putting in security for a SaaS startup is very different from securing a large SaaS provider,” said Keith Prabhu, founder and CEO of Confidis. “You suddenly become a bigger target and come within the sights of more serious and resourceful hackers. Given that startups face financial challenges, implementing security as they scale becomes a major challenge due to competing financial priorities.”
Safeguarding training data, securing proprietary algorithms, and managing vulnerabilities in open-source tools are essential to sustaining both user trust and operational stability.
“For enterprises, the responsibility is equally critical – they must rigorously evaluate AI providers, from encryption practices to compliance with GDPR, HIPAA, and beyond,” said Abhivyakti Sengar, senior analyst at Everest Group. “Startups need to wake up to the fact that trust and security are their greatest competitive assets, without which, even the most innovative AI solutions can quickly lose credibility.”
Lingering skepticism
However, not everyone is certain that a cyberattack is behind the problem, particularly since DeepSeek’s low cost and efficiency claims have not been fully verified.
“What if the real issue was that the company wasn’t prepared for the demand and couldn’t scale effectively?” asked cybersecurity analyst Sunil Varkey. “The company may prefer to attribute the outage to a cyberattack rather than expose a lack of preparedness.”
The skepticism highlights broader challenges AI startups face as they navigate rapid growth while ensuring operational resilience.
If scaling issues were a factor, it could point to deeper vulnerabilities within DeepSeek’s infrastructure – vulnerabilities that may also affect other AI providers. The incident underscores the need for startups to balance innovation with robust scalability and transparency, especially as competition intensifies and user expectations grow.