The Chinese artificial intelligence (AI) startup DeepSeek recently took the markets by storm by releasing an innovative and cost-effective AI model called R1. DeepSeek-R1 rivals more expensive models like OpenAI's ChatGPT. What’s more, it demonstrates that developing advanced AI doesn't necessarily require a massive investment.
Clearly, DeepSeek's efficient AI model has the potential to broaden the adoption of AI. However, it has also caused concern about what the Chinese government will do with the data that it collects. Organizations are right to be worried that their users might expose sensitive customer data, their proprietary algorithms or their internal strategies.
If PII (personally identifiable information) is exposed, this can cause GDPR violations that could have a huge financial impact. Fines imposed by the GDPR can be up to €20 million or 4% of a company’s global annual revenue—whichever is higher. Plus, it can cause reputational damage and a loss in customer trust.
DeepSeek’s privacy policy doesn’t help alleviate these fears. Just consider the statement below:
DeepSeek privacy policy.
To mitigate these risks, organizations should take a comprehensive approach that encompasses people, processes and technology. Not only should they implement technology that provides human-centric access and data controls, but organizations should also establish robust internal policies and AI governance boards for oversight and guidance. They need to be able to monitor AI usage and data access. And they need to have measures in place, like employee training, and a solid ethical framework.
Human-centric security for GenAI
Safe adoption of GenAI tools is top of mind for most CISOs. Proofpoint has an adaptive, human-centric platform for data security that can help. Our solution provides you with visibility and control for GenAI across your organization.
Unlike legacy DLP solutions and web filtering that block all usage of GenAI applications, Proofpoint can selectively allow, guide and restrict their use based on employee behavior and the content that they input.
With Proofpoint Enterprise DLP, Data Security Posture Management and ZenGuide, we can help you enforce acceptable use policies for public GenAI tools as well as enterprise copilots and custom LLM models.
Here’s a comprehensive list of what you can accomplish with Proofpoint:
Gain visibility into shadow GenAI tools:
- Track the use of over 600 GenAI sites by user, group or department
- Monitor GenAI app usage with context on user risk
- Identify and alert on third-party AI app authorizations for access to the user’s cloud data, email, calendar, etc.
Enforce acceptable use policies for GenAI tools:
- Block web uploads and the pasting of sensitive data to GenAI sites
- Prevent sensitive data from being typed into tools like DeekSeek, ChatGPT, Gemini, Claude and Copilot or redact sensitive data that’s typed in AI prompts using our browser extension
- Revoke or block authorizations for third-party GenAI apps
- Monitor and alert when sensitive files are accessed by Copilot for Microsoft 365 via emails, files and Teams messages
- Detect, label and protect files that contain sensitive data, including AI-generated content
Monitor for insider threats with dynamic GenAI policies:
- Capture metadata and screen captures before and after users access GenAI tools
Prevent data exposure to AI copilots and custom LLM models:
- Classify data and manage data access by AI apps like Copilot for Microsoft 365 to ensure AI-generated content does not expose sensitive data
- Protect foundational or custom AI models, including those from DeepSeek in AWS Bedrock and Azure OpenAI from being trained on sensitive data
- Conduct near real-time sensitivity analysis of data usage by GenAI platforms
Train employees on acceptable use of GenAI tools:
- Educate users on the safe use of GenAI with videos, posters, interactive modules and newsletters
- Automate customized training for your highest-risk users
Data security that stays in step with new GenAI tools
Proofpoint is committed to continuously monitoring the GenAI market and staying in lockstep with new AI tools. Our architectural approach enables us to quickly innovate and roll out new capabilities with little impact to user productivity. For example, one of our DLP solutions is a browser extension that prevents data loss through GenAI prompt submissions. This allowed us to quickly respond to DeepSeek.
DeepSeek-R1 was released on January 20. And by January 30th Proofpoint already had the capability to enforce acceptable use policies for DeepSeek and prevent data loss. Once you implement the Proofpoint browser extension for DLP, you do not need to make any further configuration changes or software updates. We push updates through our backend to the browser extension. As a result, new sites like DeepSeek can be supported seamlessly.
Learn more
To learn how DeepSeek’s functionality compares to other AI models, watch our “DeepSeek and Beyond: Fortifying Data Security in the Era of GenAI” webinar on Tuesday, February 11, 2025.
To see a demo of our data security solutions for GenAI, watch our “Defend Data: Innovations webinar” on Tuesday, February 18, 2025.
Reach out to your account team to learn how Proofpoint can help you implement acceptable use policies for GenAI tools and test drive our solution.