Why DeepSeek's Open-Source AI is an Enterprise Security Risk

Bringing AI into the enterprise creates a mix of opportunities and risks, many of which are still evolving as rapid adoption continues.
For CISOs and security professionals, this means ongoing challenges and complexity in areas including data quality, exposure of sensitive information, data privacy and risk, and how to secure an increasing number of third-party tools.
Despite this broad threat landscape, the appetite for AI in companies hasn’t dimmed. According to Zscaler, enterprise use of AI/ML tools across industries has grown by 3,000+% year over year.
Concerningly for businesses, threat actors are also showing similar levels of AI adoption – Gen AI became the cybercriminal’s social engineering tool of choice over 2024, while instances of phishing emails and deepfake videos rose rapidly.
“As AI transforms industries, it also creates new and unforeseen security challenges,” says Deepen Desai, Chief Security Officer at Zscaler, discussing the report’s findings.
“Data is the gold for AI innovation, but it must be handled securely.”
The risks of rapid AI adoption
Zscaler’s ThreatLabz 2025 AI Security Report explores how organisations are integrating and managing AI use to understand how security leaders are delicately balancing AI-driven innovation and security.
It finds a complex and AI-filled landscape underpinned by high adoption and use rates – 536.5 billion transactions from AI/ML applications occurred over the past year, with enterprises transmitting a total of 3,624 TB of data to AI tools.
A significant portion of this growth comes from widely used applications including ChatGPT, Grammarly, Microsoft Copilot and other AI/ML tools.
Based on analysis of over 536bn AI transactions between February and December 2024, Zscaler says the AI technology boom is outpacing security controls.
“Organisations must take decisive action to secure AI and protect their data,” the report warns, noting that the AI threat landscape is already evolving faster than most enterprise security postures can keep up with.
Organisations blocking AI
Nearly 60% of AI/ML activity is now being actively blocked by enterprises — evidence that concerns persist around the potential for data leakage, IP theft and compliance breaches.
ChatGPT, which is the most commonly used tool among global organisations, topped the list of most-blocked applications, alongside Grammarly and Microsoft Copilot.
In practice, this level of blocking means many organisations are taking a hard stance against unauthorised AI usage — either due to data sensitivity, regulatory requirements or a lack of internal policy and governance.
These findings align with data from Zscaler’s State of Zero Trust Transformation Report, which shows that 95% of global IT leaders were concerned about data exposure through generative AI tools.
The risk of frontier AI
While legitimate enterprise use is climbing, Zscaler warns that AI is also being weaponised by cybercriminals.
The report points to a “dramatic shift in the threat landscape”, where tools like agentic AI and large language models (LLMs) such as DeepSeek are being exploited to craft more convincing phishing attacks, generate malicious code and even automate the steps of a cyberattack.
“Threat actors are evolving their techniques to exploit AI,” the report notes. “This includes automated exploitation, social engineering, deepfakes and other AI-enhanced methods.”
On DeepSeek specifically, Zscaler warns that open-source and frontier AI models come with their own security risks.
According to Zscaler, DeepSeek’s move towards democratising AI raises challenges around privacy and data sovereignty. The lower barriers to entry it provides also benefit cyber criminals and rogue AI developers, who can easily and cheaply exploit the technology’s capabilities for malicious purposes.
Key risks related to the adoption of open-source AI like DeepSeek include:
- Weak security controls that enable automated cybercrime and adversarial manipulation.
- Data exfiltration and cybercriminal empowerment.
- Vulnerability exploitation.
- Accidental data exposure as a result of improper governance.
- Data retention risks.
Rethinking Enterprise AI Security
Blocking AI tools isn’t enough, Zscaler states. Instead, enterprises must adopt a Zero Trust architecture that's purpose-built for the AI era.
The report outlines a seven-part framework to help organisations embrace AI securely:
- Zero trust foundation – minimise external attack surfaces with least-privilege access and continuous verification.
- Real-time AI insights – leverage predictive AI and real-time analytics to improve security response and decision-making.
- Data classification – use AI to detect and label sensitive data automatically across cloud and endpoint environments.
- Threat protection – identify and block AI-powered attacks in real time using cloud-native tools.
- Application segmentation – prevent lateral movement across applications through granular access controls.
- Breach prediction – use AI to predict potential breaches before they occur, based on behavioural signals and threat modelling.
- Cyber risk assessments – continuously generate AI-driven risk reports to inform strategy and compliance.
“Organisations must take decisive action,” the report stresses. “Cybersecurity leaders must build a robust AI security strategy and governance framework to assess and manage enterprise AI use.”
Cyber Magazine is a BizClik brand




