Appdome, the leader in protecting mobile businesses, announced that new dynamic defense plugins are available on its AI-Native Defense platform to detect and defend against DeepSeek AI attacks on Android & iOS devices. The new plugins allow enterprises to safeguard mobile enterprise apps, harden remote access and protect mobile work from DeepSeek spyware.
The new plugins use behavioral analytics to detect unusual file access, data extraction, user monitoring, and unusual network traffic to external AI servers performed by DeepSeek. Like all Appdome defenses, the new dynamic defense plugins targeting DeepSeek attacks are available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.
DeepSeek, a free, AI-powered chatbot mobile app, has grown in popularity quickly. It has also created a huge risk for enterprises and governments using mobile devices and apps in the workforce. For example, reports have surfaced that DeepSeek can be used as spyware to harvest and send user data to China without the user’s knowledge. Likewise, users can unknowingly or accidentally post sensitive information to DeepSeek, creating data leakage risks for corporate data and sensitive documents.
Recognizing the severity of the threat posed by DeepSeek, some enterprises have banned the use of DeepSeek for work purposes. Likewise, several government agencies, including in the United States and South Korea have introduced legislation to ban the use of DeepSeek on mobile devices used for government purposes. However, these bans are without teeth because – without Appdome – there is no way to detect DeepSeek on a mobile device, particularly a BYOD mobile device in an enterprise setting. And there’s no way to detect if DeepSeek is being used as spyware or if users share sensitive data via DeepSeek.
“The explosive popularity of DeepSeek AI creates a serious and immediate risk to the mobile enterprise,” said Tom Tovar, co-creator and CEO of Appdome. “If you’re one of the many who believe DeepSeek poses a risk to your mobile workforce or consumers, now you have a way to detect and prevent Deepseek from infiltrating your mobile apps or exposing your data.”
Appdome’s new Detect DeepSeek Attack plugins are particularly powerful in enterprise use cases such as mobile apps for work, enterprise apps, and Bring Your Own Device (BYOD) mobile strategies. When deployed in an enterprise app, the defense will detect an active DeepSeek session on the device and offer enterprises and B2B mobile app makers multiple enforcement options to mitigate the DeepSeek risk. Appdome’s new DeepSeek detection can be deployed stand alone or in combination with other defenses to detect DeepSeek being used as spyware and when employees post content to DeepSeek.
“As organizations race to embrace AI throughout the workforce and DeepSeek grows in popularity, enterprises need an early warning system to detect when specific AI tools are in use,” said Chris Roeckl, Chief Product Officer at Appdome. “Today that threat comes from DeepSeek and tomorrow it could be another AI-tool. No matter what, cyber organizations and IT need to be able to enforce policies regarding AI use responsibly.”
In published cases, DeepSeek exposed users to unauthorized data collection, weak encryption practices, and potential surveillance by state-linked entities. Security analyses reveal that DeepSeek transmits user data without proper encryption, employs outdated cryptographic algorithms, and lacks robust anti-tampering protections, making it vulnerable to reverse engineering. Beyond these published risks, attackers can expedite the runtime analysis of potential victim apps by feeding DeepSeek with memory dumps, encrypted files, and server responses directly on the device. This could also enable runtime memory extraction, allowing attackers to scan active memory for cryptographic keys, authentication tokens, and decrypted session data, compromising financial transactions and authentication flows.
Additionally, DeepSeek may facilitate dynamic code injection by identifying unprotected vectors, enabling attackers to bypass security controls like root detection and anti-debugging, manipulate app behavior, and intercept sensitive interactions without persistent malware. The creators of DeepSeek have set guardrails designed to prevent using the AI model for malicious purposes, however, during the analysis of this model multiple “jailbreaks” were found that allow circumventing security restrictions.
“If you use mobile in the workforce, then you need to safeguard your organization against DeepSeek,” said Kai Kenan, VP of Cyber Research at Appdome. “Users, even informed users, can download DeepSeek AI onto BYOD or shared devices used in highly sensitive operations. With Appdome DeepSeek detection, there’s no reason to be in the dark about the use or infiltration of DeepSeek in the enterprise.”
