Appdome, the pioneer in protecting mobile businesses, announced that new dynamic defense plugins are available on its AI-Native Defense platform to detect and defend against DeepSeek AI attacks on Android & iOS devices.
The new plugins allow enterprises to safeguard mobile enterprise apps, harden remote access and protect mobile work from DeepSeek spyware.
Dynamic defense plugins
The new dynamic defense plugins targeting DeepSeek attacks are open by choice
The new plugins use behavioural analytics to detect unusual file access, data extraction, user monitoring, and unusual network traffic to external AI servers performed by DeepSeek.
Like all Appdome defences, the new dynamic defense plugins targeting DeepSeek attacks are available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.
Data leakage risks
DeepSeek, a free, AI-powered chatbot mobile app, has grown in popularity quickly. It has also created a huge risk for enterprises and governments using mobile devices and apps in the workforce.
For example, reports have surfaced that DeepSeek can be used as spyware to harvest and send user data to China without the user’s knowledge. Likewise, users can unknowingly or accidentally post sensitive information to DeepSeek, creating data leakage risks for corporate data and sensitive documents.
Use of DeepSeek on mobile devices
There’s no way to detect if DeepSeek is being used as spyware or if users share sensitive data via DeepSeek
Recognizing the severity of the threat posed by DeepSeek, some enterprises have banned the use of DeepSeek for work purposes. Likewise, several government agencies, including in the United States and South Korea, have introduced legislation to ban the use of DeepSeek on mobile devices used for government purposes.
However, these bans are without teeth because – without Appdome – there is no way to detect DeepSeek on a mobile device, particularly a BYOD mobile device in an enterprise setting. And there’s no way to detect if DeepSeek is being used as spyware or if users share sensitive data via DeepSeek.
Risk to the mobile enterprise
“The explosive popularity of DeepSeek AI creates a serious and immediate risk to the mobile enterprise,” said Tom Tovar, co-creator and CEO of Appdome.
“If you're one of the many who believe DeepSeek poses a risk to your mobile workforce or consumers, now you have a way to detect and prevent Deepseek from infiltrating your mobile apps or exposing your data.”
DeepSeek Attack plugins
Appdome’s new Detect DeepSeek Attack plugins are particularly powerful in enterprise use cases
Appdome’s new Detect DeepSeek Attack plugins are particularly powerful in enterprise use cases such as mobile apps for work, enterprise apps, and Bring Your Own Device (BYOD) mobile strategies.
When deployed in an enterprise app, the defense will detect an active DeepSeek session on the device and offer enterprises and B2B mobile app makers multiple enforcement options to mitigate the DeepSeek risk.
Appdome’s new DeepSeek detection
Appdome’s new DeepSeek detection can be deployed standalone or in combination with other defences to detect DeepSeek being used as spyware and when employees post content to DeepSeek.
“As organisations race to embrace AI throughout the workforce and DeepSeek grows in popularity, enterprises need an early warning system to detect when specific AI tools are in use,” said Chris Roeckl, Chief Product Officer at Appdome.
DeepSeek transmits user data
Security analyses reveal that DeepSeek transmits user data without right encryption
Roeckl added: “Today that threat comes from DeepSeek and tomorrow it could be another AI-tool. No matter what, cyber organisations and IT need to be able to enforce policies regarding AI use responsibly.”
In published cases, DeepSeek exposed users to unauthorised data collection, weak encryption practices, and potential surveillance by state-linked entities. Security analyses reveal that DeepSeek transmits user data without proper encryption, employs outdated cryptographic algorithms, and lacks robust anti-tampering protections, making it vulnerable to reverse engineering.
DeepSeek with memory dumps
Beyond these published risks, attackers can expedite the runtime analysis of potential victim apps by feeding DeepSeek with memory dumps, encrypted files, and server responses directly on the device.
This could also enable runtime memory extraction, allowing attackers to scan active memory for cryptographic keys, authentication tokens, and decrypted session data, compromising financial transactions and authentication flows.
AI model for malicious purposes
DeepSeek has set guardrails designed to prevent using the AI model for malicious purposes
Additionally, DeepSeek may facilitate dynamic code injection by identifying unprotected vectors, enabling attackers to bypass security controls like root detection and anti-debugging, manipulate app behaviour, and intercept sensitive interactions without persistent malware.
The creators of DeepSeek have set guardrails designed to prevent using the AI model for malicious purposes, however, during the analysis of this model, multiple “jailbreaks” were found that allow circumventing security restrictions.
Appdome DeepSeek detection
“If you use mobile in the workforce, then you need to safeguard your organisation against DeepSeek,” said Kai Kenan, VP of Cyber Research at Appdome.
“Users, even informed users, can download DeepSeek AI onto BYOD or shared devices used in highly sensitive operations. With Appdome DeepSeek detection, there’s no reason to be in the dark about the use or infiltration of DeepSeek in the enterprise.”
Find out the state of adoption, trends and opportunities with Artificial Intelligence (AI) in physical security.
