In recent news it has been discovered that user interactions with the GenAI platform Deekseek was publicly available online. In a recent penetration test carried out by the cloud provider Wiz an unauthenticated publicly available database was discovered that contained sensitive information including chat history. Wiz has notified Deekseek of this vulnerability & Deekseek has rectified the issue however this has exposed the potential risk of using GenAI programs, such as Deepseek for your company or organizations.
Personally myself, I have not used Deepseek for my own business operations. However, I have used Deekseek to assist me in creating a JavaScript game called Black Hole
run. This JavaScript game is open source. The code is freely available on GitHub. I can be assured that the only information of mine that was potentially compromised was open source code that I have already made publicly available for educational purposes.
However, this did get me thinking. What if I did use the GenAI platform Deepseek in my business operations? What If I used GenAI to author my emails to my clients? something that I would never do. What if I shared my private internetwork details with Deepseek? What if I shared the network configuration details of my clients with Deepseek? Well, If I did any of this then I would be very worried about my privacy and my clients privacy at the moment.
It should be noted, that my privacy policy specifies that I would never share Private customer and business proprietary information with Gen AI . Furthermore, my terms of service policy specifies that I would never use GenAI to respond to a customer.
GenAI in the workplace should be heavily restricted and monitored, in my opinion its better for businesses and organizations that are interested in GenAI to explore their own localised GenAI platforms. There are open source GenAI models available online, Ollama provides an resource of open source AI models that can be fine tuned.
A risk assessment must be carried out before any business or organisation employs the use of GenAI. Staff need to be educated on what information they can share and should not share with GenAI. Such risks include providing private customer information, proprietary code, network information, trade secrets, financial records, proprietary research, business strategies etc. Furthermore, what are the risks of using GenAI to interact with your clients? How can you be assured that GenAI will provide great customer service? Before the risk assessment is carried out, GenAI usage should be restricted.
On the topic of GenAI restrictions on the 4/2/25 The Australian Government Department of Home Affairs updated the protective security policy framework (PSPF) via direction 001-2025 to restrict the usage, installation or access of Deepseek products on Australian government devices across the whole of government.
The penetration test against Deepseek has shown the risks involved if GenAI was allowed to operate on government devices with no restrictions. As a tax paying citizen of Australia, when I deal with my government I prefer to talk to a human, and not a machine, and I would be very annoyed if my conversations with the machine where leaked online.
If GenAI replaced governmental staff, then my information as a citizen could have been potentially compromised. I am someone who personally believes that GenAI should never replace customer service jobs. I am old fashioned, If I take my time to write you an email, I expect a human to respond and write back.
In conclusion, while GenAI could offer a benefit to business and organisations the potential risks and hazards of this emerging technology still need to be explored. GenAI usage in the workplace should be heavily restricted and monitored. Companies and organisations interested in GenAI should consider their own localised GenAI platforms and carrying out risk assessments. GenAI should never replace customer service for the simple reason that GenAI provides poor customer service. At the end of the day, remember the machines work for us.