Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,800 words, this briefing is about an 8-minute read.
At a Glance.
- World leaders and CEOs meet for Paris AI summit.
- US lawmakers begin banning DeepSeek.
Paris Hosts Major AI Summit.
The News.
On Monday, world leaders and technology executives met in Paris for an artificial intelligence (AI) summit. In addition to announcing new investments, the attendees discussed developing and deploying AI systems safely without sacrificing innovation. This summit emphasized using a less regulated European approach to promote greater competition and innovation.
French President Emmanuel Macron commented on this new deregulation approach, stressing that “we will simplify[, and] it’s very clear we have to resynchronise with the rest of the world” when discussing Europe’s AI regulations. Virkkunen, a European Commissioner, seconded Macron’s calls for deregulation, commenting that she aims to “cut red tape and the administrative burden from our industries.”
Sam Altman, OpenAI’s CEO, echoed these sentiments: "If we want growth, jobs, and progress, we must allow innovators to innovate, builders to build and developers to develop.” Aside from emphasizing a more relaxed regulatory approach, attendees also announced significant funding initiatives including France announcing roughly 110 billion euros in private sector investments. This substantial investment includes multiple different initiatives including a deal with the United Arab Emirates to fund the creation of a new AI data center in France. Another key investment provides for the launch of Current AI, which is a partnership of several European countries, including France and Germany, and industry leaders, like Google and Salesforce, which amassed a 400 million dollar initial investment.
Some of the key leaders who are attending this conference included United States (US) Vice President JD Vance and Chinese Vice Premier Zhang Guoqing, among many others.
The Knowledge.
While this is not the first international summit to address AI, this one differed from the ones held previously in Britain and South Korea. Whereas those previous summits focused on managing AI and establishing proper guardrails, this summit focused on promoting innovation and furthering technological advancements. This substantial tone change marks a significant departure from how leaders approached AI just a few years ago, wherein the previous British summit leaders were emphasizing the “catastrophic” harms that could result from unrestrained AI. These harms included concerns related to potential economic upheaval, national security issues, and risks related to disinformation. This tone change can likely be attributed to Europe's lack of AI development when compared to other global powers such as China and the US. Given Europe’s noticeable higher regulator barriers, increased tax rates, and fewer financial incentives, it is not surprising that AI developers have turned to other nations that have offered more enticing business opportunities. With this tone shift and substantial investments, European leaders are likely looking to grow their AI infrastructure and attract greater domestic investment opportunities.
However, despite this tone shift, other attendees did not agree with this newfound deregulation effort. Brian Chen, the policy director at Data & Society, commented on this shift emphasizing that he worries that “there will be pressures from the US and elsewhere to weaken [Europe’s] AI Act and weaken those existing protections.” Additionally, critics expressed concerns related to how AI could impact labor markets and how to ensure misinformation was being properly handled.
The Impact.
Given the substantial funding initiatives and tone changes that characterized this summit, it is likely these movements will spurn both greater investment and reignite AI regulation conversations across Europe. As European nations pivot their AI policies to attract AI developers, European lawmakers will need to find a balance between executing these new goals without sacrificing the AI guardrails that have already been established. While these initiatives have only just been announced, European citizens should expect similar investments to be announced over the coming months as leaders look to grow Europe’s AI market and make it more competitive when compared to both Chinese and American markets. These changes could also result in new AI legislation being introduced and potentially passed that would reduce Europe’s existing regulatory burdens on AI developers.
Lawmakers Take Action Against DeepSeek.
The News.
Last week, federal lawmakers introduced legislation banning DeepSeek on all federal government devices. Representatives Josh Gottheimer and Darin LaHood, both of whom serve on the House Permanent Select Committee on Intelligence, introduced the law, which is also known as the “No DeepSeek on Government Devices Act. ” Numerous lawmakers expressed privacy and national security concerns about the AI model's inherent ties to China when introducing this bill.
After introducing the bill Representative LaHood stated that “the national security threat that DeepSeek…poses to the US is alarming.” LaHood continued emphasizing that “DeepSeek’s generative AI program acquires the data of US users and stores the information for unidentified use by the [Chinese Communist Party]."
Aside from the federal government, state governments have also reacted to DeepSeek’s sudden emergence into the AI market. Both New York, Virginia, and Texas have taken steps to ban DeepSeek on their state-issued devices. During New York’s ban, Governor Kathy Hochul commented on the AI model emphasizing her “serious concerns” about DeepSeek. Texas Governor Greg Abbott took a similar approach emphasizing that “Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI.”
The Knowledge.
This bill comes after a security research study was published that highlighted how the AI model’s website contained code that could potentially send login information to China Mobile, which is a Chinese state-owned telecommunications company already banned from operating in the US. Coupling these findings with concerns already related to DeepSeek’s data collection practices, it is not surprising that US lawmakers are already beginning to take action. For context, some of the data that DeepSeek automatically collects include items, such as IP addresses, keystroke patterns, and cookies. Additionally, researchers have also highlighted the AI model's lack of privacy controls and high likelihood of spreading propaganda.
Rob Lee, the chief of research and head of staff at SANS Institute, commented on these concerns stating that “unlike OpenAI, which…has a stronger commitment to privacy and anonymization, DeepSeek collects and indefinitely stores massive amounts of user data in China, without clear anonymization measures.” Lee continued stating “that’s a significant risk, not just from a security standpoint, but in terms of potential data misuse, regulatory concerns, and overall trust in AI systems.”
As state and federal lawmakers take steps to ban DeepSeek from government-issued devices, these efforts echo many of the same initiatives that were taken only a few years ago regarding TikTok. While many are familiar with the federal government’s efforts to force ByteDance, TikTok’s parent company, to divest from the social media application in 2024, these efforts did not start outright with nationwide bans. Rather the first steps were very similar to the efforts being undertaken by lawmakers now to initially ban the use of Chinese applications of government-issued devices. While it is unclear whether or not federal lawmakers will look to impose a national ban on DeepSeek as they are currently attempting to do with TikTok, similar efforts could have the potential to dramatically impact the AI market given DeepSeek’s sudden rise in popularity.
The Impact.
While these federal and state-led ban efforts are unlikely to impact the average DeepSeek user, they do raise some valid concerns. Given both lawmakers and security experts raising concerns about DeepSeek, individual users should understand the potential security risks associated with using DeepSeek as well as the potential to be subjected to propaganda. Furthermore, businesses should how these privacy concerns could impact business operations and ensure that this AI model does not have the potential to access any sensitive data until its security concerns are resolved. Lastly, businesses should also avoid becoming overly reliant on DeepSeek until its future in the US becomes more certain. While no nationwide bans have been introduced now and likely would not be introduced for some time, the federal government did set a precedent when it came to addressing TikTok that they could utilize again.
Highlighting Key Conversations.
In this week’s Caveat Podcast, our team held its second Policy Deep Dive conversation, where once a month our Caveat team will be taking a deep dive into a policy area that will be a key topic as the next administration comes into office. In the Policy Deep Dive, our team discussed AI policy assessing how the US has actively managed this technology at both the federal and state levels. Throughout this conversation, our team also discussed what policy gaps still exist and how lawmakers can manage this technology over the next several years.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other Noteworthy Stories.
Tech Companies Raise Over $27 Million to Improve Kid’s Online Safety.
What: A group of technology companies, led by OpenAI and Discord have raised $27 million to promote stronger safety efforts for children online.
Why: On Monday, this group of technology companies announced their fundraising efforts to build new open-source tools to improve online child safety. For context, this project, better known as the Robust Online Safety Tools (ROOST), was established to “build scalable interoperable safety infrastructure suited for the AI era” and was announced at the Paris AI summit. Eric Schmidt, a former Google CEO, released a statement about ROOST emphasizing that the initiative “addresses a critical need to accelerate innovation in online child safety and AI.”
The founding companies involved in ROOST include Google, Discord, OpenAI, and Roblox.
US Targets Russian Ransomware Networks.
What: The US targeted two Russian ransomware networks through both sanctions and arrests.
Why: On Tuesday, the federal government announced new sanctions against Russian hackers. With these sanctions, the State Department, Australia, and the United Kingdom targeted Zservers, a bulletproof hosting (BPH) service provider that allegedly supported ransomware attacks. Aside from targeting Zservers, these sanctions also targeted two operators, Aleksandr Sergeyevich Bolshakov and Alexander Igorvich Mishin.
With these sanctions, Tammy Bruce, a State Department Spokesperson, commented that “as a BPH service provider, Zservers provided cybercriminals access to specialized servers and other computer infrastructure designed to resist law enforcement action.” Bruce continued emphasizing that “Russia continues to offer safe harbor for cybercriminals where groups are free to launch and support ransomware attacks against the [US] and its allies and partners.”
Aside from the State Department’s sanctions, The Department of Justice also announced that it arrested two Russian nationals who allegedly operated a cybercrime group, which targeted over 1,000 entities. These targets included healthcare providers, educational institutions, and children’s hospitals.