NowSecure uncovered multiple security and privacy vulnerabilities in the DeepSeek iOS mobile app—ranging from unencrypted data transmission and weak encryption practices to insecure data storage and extensive data collection. With warnings from security experts and worldwide bans in public and private sectors, enterprises need a proactive strategy for blocking DeepSeek usage on their networks.

Today, ThreatSTOP is excited to announce a new target named “DeepSeekAI - Domains”, designed to proactively defend your organization from the significant risks identified by NowSecure. Whether you deploy DNS Defense Cloud(our DNS protection service using ThreatSTOP’s DNS servers in the cloud) or DNS Defense (ThreatSTOP intelligence integrated with your on-premises DNS servers), you can now immediately restrict and block the use of DeepSeek-associated domains across your environment.

 

Why DeepSeek Is a Risk

According to the NowSecure assessment, the DeepSeek iOS app introduces critical issues that can compromise an organization’s sensitive data, intellectual property, and overall security posture. Key concerns include:

  • Unencrypted Data Transmission: Sensitive information, including user details, can be intercepted and manipulated.
  • Weak & Hardcoded Encryption Keys: Outdated encryption (Triple DES) and reused initialization vectors create exploitable vulnerabilities.
  • Insecure Data Storage: Credentials and encryption keys are stored in ways that attackers could easily harvest.
  • Extensive Data Collection & Fingerprinting: The app aggregates enough information to identify and track individuals, posing a major surveillance threat.
  • Transmission & Governance Under PRC Laws: Data is stored and processed by servers linked to China, raising compliance concerns and potential government oversight risks.

These flaws make DeepSeek unsuitable for enterprise and government environments, as highlighted by NowSecure’s recommendation for its immediate removal.

 

ThreatSTOP’s Proactive Approach

ThreatSTOP’s protective DNS solutions are constantly updated to stay ahead of emerging threats. Our ThreatSTOP Security, Intelligence, and Research team specializes in creating protections for command and control, invalid traffic, peer-to-peer communication, data exfiltration, phishing, SPAM, Distributed Denial of Service (DDoS) activity, and more. These proactive policies have a track record of helping organizations intercept threats before they cause harm.

With the new DeepSeekAI - Domains target, ThreatSTOP customers now have an additional layer of proactive protection. By blocking known risky domains associated with DeepSeek, you ensure that devices on your network—whether managed or part of BYOD—cannot communicate with DeepSeek’s infrastructure. This approach mitigates the risk of data leakage, credential theft, or unauthorized surveillance, helping you maintain a robust security posture without compromising business operations.

 

How It Works

1. DNS Defense Cloud: For customers using our cloud-based DNS servers, simply enable the new DeepSeekAI - Domains target in your ThreatSTOP policy. All DNS lookups to associated DeepSeek domains will be denied automatically—no on-premises hardware changes needed.

2. DNS Defense: Customers running ThreatSTOP intelligence on their own DNS infrastructure can activate DeepSeekAI - Domains in the same, straightforward manner. The lists are updated constantly, ensuring that any new domains tied to DeepSeek threats are blocked as soon as they appear in our system.

By stopping resolution requests at the DNS layer, ThreatSTOP prevents users from inadvertently connecting to unsafe endpoints, even if employees have the DeepSeek app installed on their devices.

 

Taking Action

With the findings from NowSecure, many enterprises and government agencies have already pulled DeepSeek from their devices. However, ensuring this app can’t bypass policy or resurface in your environment calls for layered defenses. ThreatSTOP offers a decisive line of protection, giving security teams the confidence that DeepSeek’s compromised domains won’t pose a threat to data or operations.

 

Next Steps

Enable the “DeepSeekAI - Domains” target: Start blocking potentially harmful communications immediately.

Audit existing device usage: Identify any users or systems still leveraging DeepSeek and remove it from all managed and BYOD devices.

Stay vigilant: Continue adopting new ThreatSTOP protections as soon as they are released. We regularly add new intelligence indicators so that your defenses remain active against emerging threats.

 

Join the ThreatSTOP Family

For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a Demo today!

Connect with Customers, Disconnect from Risks