WASHINGTON — The website of DeepSeek, a Chinese AI company whose chatbot became the most downloaded application in the United States, has been found to contain computer code that could transmit user login information to China Mobile, a state-owned telecommunications company that has been barred from operating in the United States, according to security researchers.
The login interface of DeepSeek’s chatbot features complex computer code that, upon examination, reveals connections to infrastructure managed by China Mobile. This code seems to be intertwined with the account creation and login functionalities of DeepSeek.
In its privacy documentation, DeepSeek admits to keeping user data on servers located within the People’s Republic of China. However, the revelation of a direct linkage to China Mobile implies a deeper connection to the Chinese state than had previously been understood. The U.S. government has previously asserted that China Mobile has close relations with the Chinese military, which served as a basis for limited sanctions against the company. Neither DeepSeek nor China Mobile has responded to inquiries for comment.
The expansion of Chinese digital services has raised significant concerns among U.S. national security officials. Last year, Congress overwhelmingly supported a plan to compel the Chinese parent company of TikTok, the popular social media app, to sell its operations or face a nationwide ban. However, TikTok has recently received a temporary reprieve from President Trump, who is exploring the possibility of a sale.
The connection linking DeepSeek to China Mobile was initially discovered by Feroot Security, a Canadian cybersecurity firm, which later shared this information. The findings were independently verified by a second group of cybersecurity experts, confirming the presence of China Mobile’s code. While no data was observed being sent to China Mobile during tests conducted in North America, the possibility remains that some user data could be compromised.
This analysis covers only DeepSeek’s web interface; the mobile application, which continues to rank among the most downloaded on the Apple and Google app stores, has yet to be examined.
In 2019, the U.S. Federal Communications Commission unanimously rejected China Mobile’s request to operate within the United States due to “substantial” national security concerns. By 2021, the Biden administration had also implemented sanctions aimed at restricting American investments in China Mobile after the Pentagon linked the company to the Chinese military.
“It’s astonishing that we may be allowing China to monitor Americans without realizing it, and we’re taking no action,” commented Ivan Tsarynny, CEO of Feroot. He added, “The irregularities in this situation suggest that it’s unlikely to be accidental. The expression that ‘where there’s smoke, there’s fire’ rings true here.”
Stewart Baker, a lawyer and former official in the Department of Homeland Security and the National Security Agency, said that DeepSeek presents “all the concerns linked to TikTok, along with the possibility of access to information that could hold greater national security significance than content shared on TikTok.”
Users increasingly share sensitive information, including confidential business details and personal matters, with generative AI tools. The security implications are heightened when such a tool is operated by a geopolitical rival, and experts warn of potential intelligence risks.
“The stakes are much larger because personal and proprietary data could be at risk. It’s akin to TikTok but on a much larger scale and with far greater precision. Users aren’t just sharing entertainment; they’re exchanging sensitive queries and information,” remarked Tsarynny.
Feroot has detected code that activates when a user logs into DeepSeek and appears to collect detailed information about the user’s device. This process, known as fingerprinting, is commonly employed by tech firms worldwide for security, verification, and targeted advertising.
Examination of the identified code found links suggesting China Mobile’s involvement in DeepSeek’s user registration process.
Two academic cybersecurity specialists, Joel Reardon from the University of Calgary and Serge Egelman from the University of California, Berkeley, were consulted by researchers to validate these findings. Their independent assessment corroborated the connections between DeepSeek’s login framework and China Mobile.
“It is evident that China Mobile is somehow integrated into the registration process for DeepSeek,” noted Reardon. Although he did not witness data transmission during his tests, he believes some logins may activate this feature for certain users.