There are certain things DeepSeek doesn’t want you to know. 1,156 things, to be precise.
The Chinese startup’s latest AI chatbot went viral this week after its performance matched that of OpenAI’s ChatGPT – despite being built at a fraction of the cost. It topped Apple’s app charts and inflicted $1 trillion of losses to the share prices of the world’s biggest tech companies.
But while DeepSeek’s R1 is intelligent enough to match the best models built by US tech firms, it is also intelligent enough to know not to upset the Chinese Communist Party (CCP).
When presented with topics deemed sensitive by Beijing, the breakthrough artificial intelligence model refuses to give an answer.
If you ask what happened in Tiananmen Square on 4 June 1989, it responds: “Sorry, that’s beyond my current scope. Let’s talk about something else.”
If questioned about the treatment of Uyghur Muslims, executions carried out using ‘mobile death vans’, or even simply “Who is Xi Jinping?”, it will come up with the same response. When asked about Winnie the Pooh, it refused to even answer.
Analysis by researchers at the developer blog Promptfoo found that 1,156 prompts containing CCP-sensitive information triggered the refusal message, while other subjects like Taiwan resulted in pro-China propaganda about the island nation.
China’s online censorship laws mean that tech companies operating within its borders must adhere to strict rules about what content can appear.
Known as the Great Firewall of China, it prevents Chinese web users from accessing websites like Google, Facebook and Wikipedia.
Typically this censorship does not extend beyond China’s borders, but the sudden popularity of Chinese apps like DeepSeek puts other web users at risk of Chinese censorship and disinformation.
DeepSeek users have already found ways to get around the app’s restrictions, either through the phrasing of a question, or by adjusting its underlying code.
“It turns out DeepSeek can be trivially jailbroken,” one researcher wrote in a post to Promptfoo.
“Having tested many models and applications that go to great lengths to censor certain topics, it’s clear that DeepSeek implemented CCP censorship in a crude, blunt-force way. I speculate that they did the bare minimum necessary to satisfy CCP controls, and there was no substantial effort within DeepSeek to align the model below the surface.”
One way to bypass the censorship is by making a question generalised, or wrapping it in a request for a novel or short story.
A Reddit user even found a way to get answers about forbidden topics by asking DeepSeek to replace letters of the alphabet with numbers.
The open-source nature of DeepSeek means developers can also build versions of it that remove any content restrictions, which Promptfoo estimates will happen “in a week or so”.
The app’s links to China have also raised privacy concerns, similar to those currently being faced by other Chinese-owned apps like TikTok. The social media platform required an executive order from US President Donald Trump to avoid an outright ban in the US, with DeepSeek now coming under the same scrutiny.
“The model is heavily intertwined with the CCP, which means any data process through DeepSeek Cloud risks being syphoned for the CCP’s own gain,” Emin Can Turan, the chief executive and lead researcher at the UK-based AI platform Pebbles Ai, told The Independent.
“An open-source model, with little to no transparency, exacerbates this risk – as does the impending trade war between the US and China... We’re presented with an extremely impressive force in AI given the cost of its development and its potential applications. But that force has no meaningful accountability, an inherently compromised knowledge base, and is likely to be a point of focus in the biggest trade conflict of the year ahead.”
