DeepSeek and a turning point in the AI race
Over two years ago, ChatGPT made headlines as one of the most powerful GenAI chatbots the world had seen. Today, DeepSeek, a Chinese tech start-up, is shaking up the AI landscape with a model that delivers comparable performance at a fraction of ChatGPT’s cost. The company claims its DeepSeek-R1 model is 20 to 50 times cheaper to use than OpenAI’s o1, depending on the task [2]. According to DeepSeek’s own report, training its V3 model cost just US$5.6 million, which—if accurate—would represent remarkable cost-efficiency compared with competitors that have poured billions into AI training [3].
DeepSeek’s rapid rise is inevitably unsettling for its rivals. In response, OpenAI has announced that it will accelerate new product releases, most recently introducing “Deep Research,” a report-generation tool designed to match the performance of a human analyst and powered by its most advanced model, o3 [4]. Just days earlier, OpenAI released o3-mini, a more cost-efficient variant of its powerful o3 model that offers comparable capabilities in math, coding, and science, but at significantly lower cost and with faster responses [5]. Beyond OpenAI, DeepSeek’s domestic competitors are also raising the stakes. Chinese tech giant Alibaba has launched its latest Qwen 2.5-Max model, which it claims outperforms DeepSeek’s V3, OpenAI’s GPT-4o, and Meta’s Llama-3.1-405B. On top of performance, Chinese tech firms are waging an aggressive price war, with Alibaba’s cloud unit cutting prices by as much as 97% across a range of models [6]. Together, these moves send a clear signal: competing on raw power alone is no longer enough.
A heightened focus on open-source AI
One of the key factors behind DeepSeek’s success is its commitment to an open-source approach. An open-source AI system allows anyone to freely access and study how it works, use its capabilities without arbitrary limitations, and even modify and build on top of it to meet specific needs.
In contrast, closed or proprietary AI keeps source code and core algorithms hidden, preventing unauthorized users from inspecting or modifying the models. By remaining open, open-source AI benefits from broad community contributions, enabling continuous improvement and helping to lower development costs over time.
Open-source AI also gives organizations the flexibility to adapt models to their own business requirements without making a heavy upfront investment, making it an appealing option for those seeking lower-cost AI solutions. In DeepSeek’s case, this approach has allowed its developers to leverage existing open research and open-source resources to build its model, and in turn, enable others to build on it as well.
As a result, DeepSeek quickly became the top free app in the US within just a few days of its release and has already inspired more than 700 derivatives [7].
With DeepSeek’s success, open-source AI has drawn global attention that extends well beyond Chinese and US companies. In Europe, a new alliance called OpenEuroLLM has emerged with the goal of developing high-performance, multimodal, open-source large language models (LLMs) for text, speech, and structured data [8].
This initiative seeks to balance rapid innovation with ethical considerations by promoting AI sovereignty, encouraging investment in domestic labs and data centers to ensure greater control over critical AI infrastructure [9].
The hidden costs
Open-source AI clearly accelerates innovation and reduces upfront costs, but it may carry a hidden price in terms of security and privacy. The openness of these models can leave systems more exposed to attacks, as anyone can access and modify the source code.
Researchers have shown that open-source AI models are vulnerable to several types of privacy attacks, including:
- Model inversion: reconstructing or exposing training data by generating output samples that reveal sensitive information.
- Membership inference: determining whether specific data records were used during training.
- Information leakage by memorization: unintentionally revealing sensitive training data when models memorize and reproduce it in their outputs.
They have also found that open-source models and their training data can become targets of security attacks, such as:
- Data poisoning: manipulating training data to subtly or drastically change a system’s behavior.
- Backdoor attacks: planting hidden functionality through the training data so that the trained system behaves differently when a specific trigger input appears.
- Adversarial examples: crafting input data designed to mislead the system into making incorrect predictions or classifications [10].
These technical concerns are no longer abstract. One of the most prominent open-source AI models, DeepSeek, is already under scrutiny over security and data protection risks. Italy's data protection authority blocked DeepSeek’s chatbot in January after the company failed to address questions from the watchdog, particularly about the types and sources of data collected, the purposes and legal basis for processing, and whether any of the data is stored in China [11].
Following Italy's move, Australia, Taiwan, and South Korea have also banned state employees from using DeepSeek on government devices. Other European countries, as well as the United States and India, are considering similar restrictions, underscoring how security and privacy concerns around open-source AI can quickly translate into regulatory and operational constraints [12].
Implications for businesses
Security and privacy concerns do not necessarily mean that businesses should turn their backs on open-source AI systems. Even proprietary AI models such as ChatGPT have faced similar issues and temporary restrictions from several governments. Given the immense potential of open-source models – including accelerated innovation and reduced development costs – it would be detrimental for businesses to overlook them.
However, organizations should approach adoption cautiously and put robust risk mitigation strategies in place. This includes developing strict internal security policies and ensuring compliance by running models in a secure, isolated environment [13].
Businesses, especially those handling sensitive data such as healthcare and financial information, should also carefully assess their AI service providers against local and international regulations and standards, including GDPR and HITRUST. When evaluating providers, it is important to prioritize the following aspects:
- Clear internal security policies and technical controls for protecting data.
- Deployment of AI models in secure, isolated environments that limit exposure.
- Compliance with relevant local and international regulations and industry standards (for example, GDPR and HITRUST).
- Transparency in model development, data usage, and risk management practices.
- Commitment to responsible AI development, ideally through participation in active responsible AI research and development communities.
Collaborating with organizations that prioritize responsible AI, such as FPT – which is part of an active community for responsible AI research and development with Mila, Landing AI and the AI Alliance – is therefore highly encouraged as a way to mitigate privacy, security and regulatory risks.
Conclusion
DeepSeek’s dramatic entrance into the AI arena has shown that raw power alone no longer defines leadership; cost-efficiency and openness now set the pace of the race. By embracing open-source principles, it has helped spotlight how shared research and community-driven development can radically accelerate innovation and lower the barrier for businesses to harness AI. Yet this new openness comes with very real security, privacy, and regulatory challenges that cannot be ignored, especially for organizations handling sensitive data. Rather than walking away from open-source AI, businesses must pair its advantages with disciplined safeguards, from secure, compliant deployment to partnering with transparent, responsible providers. The real question is not whether to join this open-source wave, but how thoughtfully and proactively your organization chooses to ride it.
Frequently Asked Questions
What do DeepSeek and open-source AI mean for my business strategy?
DeepSeek and similar open-source AI offer powerful, affordable options but demand disciplined risk management. Leaders should map clear use cases, set security and compliance guardrails, and select transparent, responsible vendors so they can capture innovation benefits without exposing sensitive data or breaching regulations.
How is DeepSeek’s cheap AI model shaking up global AI and stocks?
DeepSeek introduced a highly capable AI model at a fraction of rivals’ costs, showing that advanced AI no longer requires billion‑dollar budgets. This undercut existing pricing assumptions, rattled investors, and triggered a sell‑off in AI‑linked stocks, pushing major players to rethink pricing, roadmaps, and strategy.
How does DeepSeek compare to ChatGPT on cost and performance?
DeepSeek aims to match top proprietary models on many tasks while being dramatically cheaper to train and run. Reports suggest its usage costs can be many times lower than comparable OpenAI models. This shifts competition from raw power alone to a balance of capability, price, and speed of innovation.
What is open-source AI and why has it helped DeepSeek succeed?
Open-source AI makes model code and design publicly accessible, allowing anyone to inspect, adapt, and build on it. DeepSeek leverages this ecosystem to reuse prior work, tap community innovation, and cut development costs. This openness speeds improvement, lowers barriers for businesses, and supports rapid adoption.
What hidden costs and risks come with open-source AI models?
Despite low financial cost, open-source AI can introduce security, privacy, and compliance risks. Open models are easier to study and manipulate, making threats like data poisoning, backdoors, and privacy leaks more feasible. Governance, audits, and secure deployment can add significant hidden costs for serious business use.