Last week, Chinese AI company DeepSeek made headlines when it announced that its free, open source AI model is as good as those from American tech companies and was built for less money, using less advanced chips and far less power.

This development was in the news largely for the impact it had on markets and on the fortunes of tech billionaires, but the larger story is that it opens the door for new, more cost-effective, mission-specific AI approaches – and that’s huge for agencies and their missions. However, this also raises critical questions about security, compliance, and how agencies should evaluate AI investments moving forward.

So what should agencies know about DeepSeek and, just as important, what should they consider when planning their investments in generative AI capabilities? A few things come to mind:

This is a game-changer for AI – and that’s good.

DeepSeek’s generative AI model demonstrates that high-performing AI can be built with fewer resources, outperforms others like OpenAI, Google, Meta, etc. at a fraction of the cost to train and use. For federal agencies, this reinforces the potential for more accessible and efficient AI solutions to do more transformational work – but also stresses the need to vet models for security, reliability, and mission alignment.

Be mindful of the source.

Released by DeepThink, a two-year old Chinese startup, DeepSeek was trained on data curated to align with content censorship policies. As a result, certain topics may be omitted, framed differently, or influenced by inherent biases in the training data. Therefore, users – and especially American users working on government projects and missions – should use it with extreme caution. Its results will likely yield inaccuracies or misses, and users should never share sensitive data with DeepSeek. Moreover, similar to concerns raised with applications like TikTok, there are national security implications regarding data privacy and the potential for foreign influence.

Consider the potential security risks.

The data scientists behind DeepSeek used NVIDIA H800 GPUs to build it. These GPUs are believed to be unsuitable for large language model (LLM) training because the NVIDIA H1000s are export-controlled and not available in China. To overcome this limitation, the company created substantial amounts of low-level code to optimize performance on the H800 chips. As such, the DeepSeek code base could be compromised and could present a cybersecurity threat. Before adopting any AI tool agencies should assess security risks in accordance with federal supply chain and cybersecurity guidelines.

DeepSeek underscores the potential – and risks – of innovative LLM approaches.

DeepSeek is the latest AI tool to leverage a large language model (LLM) that uses the “chain of thought” architecture to break a prompt into many steps, then assign expert LLMs to pursue the steps. It uses reinforcement learning from human feedback to improve accuracy, and it uses a distillation process to teach the DeepSeek model from a larger “teacher” model. This approach will push more capabilities to end users, both in the cloud and at the edge – benefitting use cases like disaster relief, homeland security and national defense.

DeepSeek is open source, placing very few restrictions on its use.

Most of the source code and technical description of the method used to build and train the model have been open sourced, allowing model builders to use it under a Massachusetts Institute of Technology (MIT) license that places few restrictions on reuse other than retaining the original copyright notice and license text. For agencies, this raises both opportunities and concerns: Open-source AI models can enhance transparency and adaptability, but they also introduce security risks if not properly vetted. This should enable more widespread experimentation and deployment of AI capabilities within organizations.

DeepSeek has changed the generative AI landscape for the moment, but it has not eliminated the need for secure, foundational AI models. It is a huge step forward for China and its position in the AI race, but it is not the last step forward that any player in the AI ecosystem will make.

As the demand and use cases for AI continue to expand rapidly, this latest development underscores the opportunity for more cost-effective, mission-specific AI approaches. It also reinforces the necessity for agencies to develop their AI roadmaps and evaluate their AI investments with security, compliance, and mission impact in mind.