Memo to the President on the National Security Implications of DeepSeek Models
I'm Ylli Bajraktari, CEO of the Special Competitive Studies Project. Today, I'm excited to share the next episode of our #MemosToThePresident Series. I sat down with SCSP Senior Advisors PJ Maykish and Ylber Bajraktari to discuss the national security implications of the DeepSeek release. To revisit our previous DeepSeek episode, check out Episode 9 on our SCSP YouTube Channel.
I hope you enjoy the conversation!
For much of the Cold War of the last century, a consistent pattern would hold. America would invent and field a game changing technology, with the Soviet Union and Communist China struggling to catch up, often many years later. Unheralded outside of national security circles, these offsetting inventions would propel a technological leap-forward for the United States, while offsetting advantages of our adversaries.
This was, first, the story with the nuclear bomb. The United States tested its first nuclear bomb in 1945; it took the Soviet Union another four years before successfully testing one. It took Beijing another 15 years to conduct its own successful test in 1964. A similar story surrounded America’s pioneering of stealth technology. The U.S. military began investing in stealth in the 1970s, with the first prototype flight conducted in 1977. Moscow struggled to keep up, and only in 2011 unveiled a stealth fighter. China, initially a laggard in this space, started making progress in late 1990s and has continued to improve—dramatically one could say—in recent years. Yet another similar story transpired with precision strike capabilities. The U.S. military led the way, shocking and awing the world with its new precision strike capabilities during the first Gulf War in 1991. The Soviet Union’s ambitions were derailed when it lost the Cold War, though the Russian Federation appears to have made progress over the past decade, demonstrating its capabilities—often against innocent civilians—in Syria and Ukraine. China was a late, but an ambitious entrant in this space, even though it still lacks practical experience with such capabilities. This pattern would repeat itself with the global positioning system (GPS), unmanned systems, batteries, solar technology, and the internet, to name a few.
The unveiling of DeepSeek AI models from China last week was a stark reminder of how much things have changed. In the age of artificial intelligence, technological advantages—impressive as they may be at the moment—are much more short-lived. In early 2024, experts were assessing that America was one to two years ahead of China on AI. By late 2024, the estimated lead had shrunk to mere months. If DeepSeek’s performance parameters are to be believed, America’s lead in AI development appears to be razor-thin, and contested. Such is the character of competition in the 21st century, whether in Ukraine or between the United States and China—no advantage in innovation is pre-ordained and guaranteed to last. It must be pursued relentlessly and it requires a standing, competitive footing.
There are, at least, five important national security implications for the United States and its allies from China’s rapid AI advances. First, the national security enterprise of the U.S. government must start assuming the worst case about our adversaries AI advances. As Google warned last week, China and Iran are already using American-developed generative AI capabilities to enhance their cyber attacks against the United States. Moreover, the unveiling of DeepSeek’s models appeared to have the hallmarks of a coordinated campaign—to undermine confidence in America’s AI leadership, to create uncertainty about the business models of U.S. companies, to instill doubts about U.S. export policies, to impact America’s stock market, and to proliferate China’s models across the world. As China will undoubtedly continue to develop even more advanced models, the United States government will need to forge a stronger and standing partnership with American companies to help guard against strategic surprises. At the same time, the U.S. government will also need to consider how to hold Chinese models at risk, particularly those that may be utilized by the PRC to target our economy, public square, and our national security. The PRC recently demonstrated its cyber prowess with Salt Typhoon and Volt Typhoon attacks; the United States needs to think through and plan for what a possible “Deep Typhoon” intrusion may look like and develop response options now.
Second, the United States will need to design a layered defense of our frontier AI developers and related infrastructure. The newly appointed White House “czar” for AI and crypto, David Sacks, suggested last week that there is evidence that DeepSeek had used OpenAI’s model to train its own via a technique called “distillation.” While this is deeply concerning, it would have been even more alarming if evidence suggested that DeepSeek or other Chinese actors hacked into OpenAI to steal its model weights. As AI infrastructure and models become integral to our economy and national security, they will inevitably become high value targets for our adversaries. The U.S. government needs to consider what our declaratory policy should be for AI infrastructure—what Washington is willing to defend and retaliate for—and work with private companies to enhance their personnel, physical, and cyber security measures. There may come a time when the U.S. government may even need to build redundancies to select AI infrastructure to ensure continuity of operations, conceal or harden such redundancies, or deploy defensive assets around them. And, U.S. war plans for each of our adversaries need to incorporate targeting of their AI infrastructure.
Third, the United States will need to consider what policies to put in place vis-a-vis foreign open weight models, particularly those that originate and are controlled by entities in jurisdictions of foreign adversaries. To date, the discourse in the United States has primarily focused on whether America’s frontier models should be open source or not—a debate fueled by reasonable concerns over proliferation of frontier AI models to foreign state and non-state actors that mean to harm the United States. And while this issue hasn’t been definitely resolved, an equilibrium appears to be settling in, with U.S. companies ruling out open weight models and building in safeguards for some of the most high-consequence use cases.
However, DeepSeek’s public release raises another question: How should the United States address the growing adoption of PRC-controlled AI models and platforms? While open-weight models run locally may present minimal inherent data privacy risks, many users still prefer to access them through proprietary infrastructure—as evidenced by DeepSeek’s app achieving #1 in the iOS App Store across 128 countries. This allows DeepSeek to collect user data, store it in China (where the CCP has access), and use it for future model training, per DeepSeek's Privacy Policy. Beyond data privacy concerns, the proliferation of Chinese AI models presents additional risks. Research has shown that AI models can contain hard to detect backdoors or sleeper agents, potentially introducing vulnerabilities into U.S. systems. Given the weight of these risks, the United States cannot afford to have a reactive and ad hoc approach, as it did with TikTok, taking action only after a PRC-controlled platform has dramatically penetrated U.S. markets. The United States needs to articulate a policy and legal framework that is anticipatory in nature.
Fourth, while our export restrictions on AI may be imperfect, it would be misguided to believe that curtailing exports alone will maintain America’s AI advantage. This cannot be a Department of Commerce mission alone. It will also need to include diplomatic, intelligence, and defense actions - in concert with our allies and partners. The U.S. government must think holistically about how to promote America’s advances—such as moonshot goals in artificial general intelligence (AGI)—and slow down those of our adversaries. Only a deliberate, coherent, and sustained campaign will keep the United States in the game, and—possibly—in the lead.
Lastly, as DeepSeek’s app moved to become one of the most popular ones around the world, it provided another glimpse into what a bifurcated digital world may look like. On one side, American-developed models built with extraordinary investments in physical and human capital and subject to rule of law, but perhaps not as widely available to the rest of the world due to current subscription models. And, on the other side, PRC-based platforms built on suspect foundations that are light on safeguards but heavy on political censorship, spread globally—building a network for data extraction, spreading of pro-Communist Party worldviews, and perpetuating technological dependencies. Data extraction could become a pipeline of intelligence for Beijing’s Ministry of State Security given the CCP’s latitude over companies domiciled in China. The pro-CCP bias of the model could help reinforce the messaging by the United Front Work Department—the CCP’s propaganda arm. And increasing technological dependencies grants Beijing more access and placement into the U.S. and allied ecosystems that can be used as leverage in national security scenarios, including in times of war.
[1] The true cost of open-source AI models, uncontrolled publication of advanced AI research in Nature etc, and open-throttled & unsupervised API access to commercial AI models, means [2] the full enabling of totally unmitigated IP replication, IP derivation, and IP theft by potential and actual adversaries for use in a multitude of totally uncontrolled AI applications.
Now consider, this is IP that has cost literally US$ multi-billions to create over decades, and is obviously worth many times more.
[3] The US commercial and open-source AI players have run a plethora of solid arguments against strong regulatory controls of the most pioneering and advanced AI, because for example, such regulation "would stifle innovation and commercial freedom".
Yes, possibly.
[4] However, the contra argument is demontrably proven by the 'sudden and shocking' arrival of DeepSeek-R1 from 1.5B to 671B which are all _completely open source_ !
It is logically obvious that [1] leads to [2] leads to [3] leads to [4]. Quite frankly, nobody should be surprised. Maybe part a solution is [5].
[5] If the US Govt seriously wants to protect a wide range of _unbelievably important_ commercial and economically competitive interests, National Security, and that of its closest global allies, then perhaps the key US decision makers might want to think long and hard about radically changing [3] to prevent far more of [4].
You missed a biggie. Export restrictions impact only chips. The problem is we have 275k student from the PRC in the US, studying things line AI algorithms. Maybe that’s…dumb?