01 Trust Score

DeepSeek

Week 2026-W17 · 26 Apr 2026 Vendor-Neutral
24 /100 Significant Risk
▼ 11 pts ⚠
2.0/5 (3639)
AUDITOR SUMMARY
Strength: DeepSeek V4 offers highly competitive performance at a significantly lower cost, challenging established frontier models and providing a compelling value proposition for budget-conscious AI initiatives.
Trust Score 24/100 EVALUATE
Est. Annual Cost $105,000/year for 100 users
Top Risk HIGH Reliability Overall: Critical
Priority Action Critical Data Encryption Gap: No Encryption At Rest or In Transit

Enterprise Verdict

× Extended Due Diligence Required
Risk: Critical 50 sources
Key Strength

Detailed community analysis available in report body

Priority Action

Critical Data Encryption Gap: No Encryption At Rest or In Transit

Live Signals This Week

Detected by daily monitoring — captured outside the weekly scrape window.

Warning May 12, 2026

DeepSeek Seeks Record $7.3 Billion AI Funding Round - Dataconomy

1 signal(s) detected: funding

Warning May 11, 2026

DeepSeek's US$7bn funding bid puts China's AI race on notice - digitimes

2 signal(s) detected: funding, funding

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02 Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

High Reliability Community Data

Vendor viability score: 50/100. No community-reported outages or reliability incidents found in recent data.

High Cost Predictability Community Data

Vendor financial stability score: 50/100. Total funding raised: Bootstrapped. Enterprises should negotiate fixed-rate contracts and monitor pricing changes.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Critical Data Privacy Community Data

Compliance score: 40/100. GDPR: unknown. Encryption at rest: unknown.

Medium Compliance Posture Community Data

SOC 2: none. ISO 27001: none. Overall compliance score: 40/100.

Verified: confirmed by vendor documentation. Community: derived from community reports.

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 91+ community data points

Recommended Inquiry Critical Critical Data Encryption Gap: No Encryption At Rest or In Transit

DeepSeek's public documentation indicates a complete absence of encryption for customer data both at rest and in transit. This is a fundamental security failure that exposes all sensitive information to unauthorized access and violates basic enterprise security standards.

Recommended Inquiry High Unpatched High Severity XSS Vulnerability (CVE-2025-26210)

DeepSeek R1 through V3.1 is vulnerable to Cross-Site Scripting (XSS), allowing JavaScript execution in the context of its service domain. This unpatched vulnerability poses a significant risk of session hijacking, data exfiltration, and defacement.

Recommended Inquiry High DeepSeek V4 Thinking Mode API: community feedback suggests room for improvement in `reasoning_content` handling

DeepSeek V4 thinking-mode models fail with 400 errors when `reasoning_content` is not explicitly replayed in subsequent API requests, particularly after tool calls. This indicates a critical API design flaw impacting reliability and integration.

03 Security & Compliance

Security & Compliance

SOC 2 ✕ Not found
ISO 27001 ✕ Not found
GDPR Not documented
HIPAA ✕ Not found

IT Hardening Guide

Critical Settings

API Key Management
medium Implement strict API key rotation policies and secure storage. Avoid hardcoding keys in client-side applications. Utilize environment variables or secure vaults for API key access.
DeepSeek V4 Thinking Mode Parameter
medium For DeepSeek V4 models, explicitly pass `thinking: {type: disabled}` in API requests if `reasoning_content` replay is not handled by the client, to prevent 400 errors. Verify this parameter's effect on model behavior and output quality.
Model Name Normalization
medium Monitor model names used in API calls and billing to ensure they align with expected models, especially given reports of silent remapping (e.g., `deepseek-v4-pro` to `deepseek-chat`).
Content Security Policy (CSP)
medium Implement a robust Content Security Policy (CSP) at the application layer to mitigate XSS risks. Buyers may want to verify whether DeepSeek's web application provides one.

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Not Public

A Data Processing Addendum (DPA) is not publicly available. Procurement teams must request a signed DPA directly from DeepSeek before contract execution to address data processing, sub-processors, and international data transfer mechanisms.

🌐 Data Residency Vendor-Controlled
Default: China (inferred from headquarters)

Data residency options are not publicly documented. Given DeepSeek's headquarters in China, it is inferred that data is processed and stored within China. This poses significant data sovereignty and compliance risks for customers in the EU and other regulated regions, requiring explicit contractual guarantees and transfer mechanisms (e.g., SCCs) that are currently not disclosed.

⚠️ Contract Risk High Lock-in (75/100)
Data export on exit: No ⚠
⚠ 5 contract risk flags
⚠ Undisclosed AI training data policy, implying broad vendor rights to customer content.
⚠ Unclear IP ownership of AI-generated outputs.
⚠ Absence of explicit data export guarantees, leading to high switching costs.
⚠ Lack of documented indemnification and liability caps.
⚠ Headquarters in a high-risk jurisdiction (China) with potential for government data access.

The contract risk for DeepSeek is high, primarily due to significant gaps in its public terms regarding data privacy, IP ownership, and data portability. The lack of transparency on critical clauses like auto-renewal, unilateral changes, and termination notice periods further exacerbates this risk. The inferred data residency in China also presents a substantial geopolitical and compliance risk, contributing to a high lock-in score.

04 Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

deepseek-v4-pro model name gets normalized to deepseek-chat silently 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
[WIP]Support DeepSeek V4 flash on SM120 with Triton fallback 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
feat: add LDS-only DeepSeek chat page with local history and official news context 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
[codex] Add Kimi and DeepSeek models 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub
An AI agent deleted our production database. The agent's confession is below 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN
The disappearing AI middle class 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

👀

Analysis Pending

Community signals collected this week. Analysis and synthesis will be available in the next report update.

05 Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

DeepSeek V4 Flash

Variable (API-based)
N/A
  • Input: $0.14 / M tokens
  • Output: $0.28 / M tokens
  • Open-weight model

DeepSeek V4 Pro

Variable (API-based)
N/A
  • Input: $2.10 / M tokens (75% discount active until 2026/05/05)
  • Output: $4.40 / M tokens
  • Cache hit input: $0.0145 / M tokens (1/10th original price)
  • Open-weight model

DeepSeek has implemented aggressive pricing strategies, including a 1/10th reduction for input cache hits and a 75% promotional discount for V4 Pro. Community users highlight significant cost savings compared to other frontier models. However, the lack of subscription plans (unlike Claude/GPT) means costs are purely usage-based, which can be unpredictable without careful monitoring. There are no reported hidden fees or billing surprises beyond standard token overage, but the silent model remapping could lead to unexpected charges if not monitored.

Pricing data from public sources — enterprise rates differ. Verify with vendor.


Independent analysis: signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor.
