DeepSeek AI does not appear to have robust measures in place to prevent man-in-the-middle (MITM) attacks. While specific details about DeepSeek's MITM prevention strategies are not explicitly mentioned in the available information, several security concerns and vulnerabilities have been highlighted:
1. Encryption Issues: DeepSeek's iOS app has been found to disable App Transport Security (ATS), which is a platform-level protection that prevents sensitive data from being sent over unencrypted channels[4]. This means that data can be transmitted without encryption, making it vulnerable to interception. Although some parts of the data are selectively encrypted, the app uses an insecure and deprecated encryption algorithm called 3DES, and the encryption key is hard-coded into the app[4].
2. Data Exposure: There have been instances where DeepSeek's database infrastructure was not properly secured, leading to public exposure of sensitive information such as chat histories and backend credentials[1][2][4]. This lack of security could potentially facilitate MITM attacks by allowing attackers to access or manipulate data more easily.
3. General Security Vulnerabilities: DeepSeek has been shown to be highly susceptible to various security threats, including algorithmic jailbreaking and prompt escalation techniques[1][2]. These vulnerabilities could be exploited by attackers to conduct MITM attacks or other forms of cyber threats.
To effectively prevent MITM attacks, it is generally recommended to use strong encryption mechanisms, such as HTTPS, and ensure that all data transmissions are encrypted. Additionally, implementing robust authentication and authorization mechanisms can help protect against unauthorized access. However, based on the available information, DeepSeek does not seem to prioritize these security measures adequately.
Given these concerns, organizations and individuals should exercise caution when using DeepSeek AI and consider implementing additional security measures, such as using secure web gateways or firewalls to block access to DeepSeek's services[6]. Moreover, using end-to-end encrypted messaging apps and avoiding the sharing of sensitive data through unsecured channels can help mitigate risks[5].
Citations:
[1] https://www.esentire.com/blog/deepseek-ai-what-security-leaders-need-to-know-about-its-security-risks
[2] https://www.cshub.com/threat-defense/articles/cyber-security-implications-deepseek-ai
[3] https://www.appdome.com/dev-sec-blog/how-enterprises-can-defend-against-deepseek-ai-mobile-security-threats/
[4] https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/
[5] https://www.securityweek.com/deepseek-exposes-major-cybersecurity-blind-spot/
[6] https://ironscales.com/blog/deepseek-ai.-what-it-security-leaders-need-to-know
[7] https://blogs.cisco.com/security/evaluating-security-risk-in-deepseek-and-other-frontier-reasoning-models
[8] https://www.radware.com/blog/threat-intelligence/deepseek-s-cyberattack-a-wake-up-call-for-ai-security/
[9] https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
[10] https://sbscyber.com/blog/deepseek-ai-dangers