DeepSeek's AI app will highly likely face a US consumer ban after topping download charts on Apple's App Store and Google Play, according to analysts at US investment bank Jefferies. The US federal government, Navy and Texas have already banned the app, and analysts expect broader restrictions using legislation similar to that targeting TikTok.

While consumer access may be blocked, US developers could still be allowed to self-host DeepSeek's model to eliminate security risks, the analysts added. Even if completely banned, DeepSeek's impact on pushing down AI costs will persist as US companies work to replicate its technology, Jefferies said in a report this week reviewed by Slashdot.

The app's pricing advantage remains significant, with OpenAI's latest o3-mini model still costing 100% more than DeepSeek's R1 despite being 63% cheaper than o1-mini. The potential ban comes amid broader US-China tech tensions. While restrictions on H20 chips appear unlikely given their limited training capabilities, analysts expect the Biden administration's AI diffusion policies to remain largely intact under Trump, with some quota increases possible for overseas markets based on their AI activity levels.

An anonymous reader quotes a report from the Associated Press: The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek.

In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. [...] The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom.

The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing "substantial" national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military. "It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it," said Ivan Tsarynny, CEO of Feroot. "It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke," Tsarynny said.

Further reading: Senator Hawley Proposes Jail Time For People Who Download DeepSeek

Kaspersky researchers have discovered malware hiding in both Google Play and Apple's App Store that uses optical character recognition to steal cryptocurrency wallet recovery phrases from users' photo galleries. Dubbed "SparkCat" by security firm ESET, the malware was embedded in several messaging and food delivery apps, with the infected Google Play apps accumulating over 242,000 downloads combined.

This marks the first known instance of such OCR-based spyware making it into Apple's App Store. The malware, active since March 2024, masquerades as an analytics SDK called "Spark" and leverages Google's ML Kit library to scan users' photos for wallet recovery phrases in multiple languages. It requests gallery access under the guise of allowing users to attach images to support chat messages. When granted access, it searches for specific keywords related to crypto wallets and uploads matching images to attacker-controlled servers.

The researchers found both Android and iOS variants using similar techniques, with the iOS version being particularly notable as it circumvented Apple's typically stringent app review process. The malware's creators appear to be Chinese-speaking actors based on code comments and server error messages, though definitive attribution remains unclear.

Microsoft will charge commercial customers $61 per device in the first year to continue receiving Windows 10 security updates after support ends, The Register wrote in a PSA note Wednesday, citing text, with costs doubling each subsequent year for up to three years.

Organizations can't skip initial years to save money, as the updates are cumulative. Some users may avoid fees if they connect Windows 10 endpoints to Windows 365 Cloud PCs. The program also covers Windows 10 virtual machines running on Windows 365 or Azure Virtual Desktop for three years with an active Windows 365 subscription.

Thailand cut power supply, fuel and internet to some border areas with Myanmar on Wednesday. It's an attempt to choke scam syndicates operating out of there that have become a growing security concern. Reuters: Scam compounds in Southeast Asia are suspected to have entrapped hundreds of thousands of people in illegal online and telecom operations, generating billions of dollars annually, according to a 2023 U.N. report. Thai Interior Minister Anutin Charnvirakul visited the Provincial Electricity Authority headquarters in Bangkok on Wednesday to oversee the effort to fight the crime rings. "They may turn to other sources of power supply or generate their own electricity. In the Thai Security Council orders, it also includes the halt in supplying oil and internet to them, which means that from now on any damage that occurs will have no connection to any resources in Thailand."

Google has updated its public AI principles page to remove a pledge to not build AI for weapons or surveillance. TechCrunch reports: Asked for comment, the company pointed TechCrunch to a new blog post on "responsible AI." It notes, in part, "we believe that companies, governments, and organizations sharing these values should work together to create AI that protects people, promotes global growth, and supports national security." Google's newly updated AI principles note the company will work to "mitigate unintended or harmful outcomes and avoid unfair bias," as well as align the company with "widely accepted principles of international law and human rights." Further reading: Google Removes 'Don't Be Evil' Clause From Its Code of Conduct

An anonymous reader quotes a report from Ars Technica: In what is becoming a sadly regular occurrence, two popular free software projects, X.org/Freedesktop.org and Alpine Linux, need to rally some of their millions of users so that they can continue operating. Both services have largely depended on free server resources provided by Equinix (formerly Packet.net) and its Metal division for the past few years. Equinix announced recently that it was sunsetting its bare-metal sales and services, or renting out physically distinct single computers rather than virtualized and shared hardware. As reported by the Phoronix blog, both free software organizations have until the end of April to find and fund new hosting, with some fairly demanding bandwidth and development needs.

An issue ticket on Freedesktop.org's GitLab repository provides the story and the nitty-gritty needs of that project. Both the X.org foundation (home of the 40-year-old window system) and Freedesktop.org (a shared base of specifications and technology for free software desktops, including Wayland and many more) used Equinix's donated space. [...] Alpine Linux, a small, security-minded distribution used in many containers and embedded devices, also needs a new home quickly. As detailed in its blog, Alpine Linux uses about 800TB of bandwidth each month and also needs continuous integration runners (or separate job agents), as well as a development box. Alpine states it is seeking co-location space and bare-metal servers near the Netherlands, though it will consider virtual machines if bare metal is not feasible.

Senator Josh Hawley has introduced a bill that would criminalize the import, export, and collaboration on AI technology with China. What this means is that "someone who knowingly downloads a Chinese developed AI model like the now immensely popular DeepSeek could face up to 20 years in jail, a million dollar fine, or both, should such a law pass," reports 404 Media. From the report: Hawley introduced the legislation, titled the Decoupling America's Artificial Intelligence Capabilities from China Act, on Wednesday of last year. "Every dollar and gig of data that flows into Chinese AI are dollars and data that will ultimately be used against the United States," Senator Hawley said in a statement. "America cannot afford to empower our greatest adversary at the expense of our own strength. Ensuring American economic superiority means cutting China off from American ingenuity and halting the subsidization of CCP innovation."

Hawley's statement explicitly says that he introduced the legislation because of the release of DeepSeek, an advanced AI model that's competitive with its American counterparts, and which its developers claimed was made for a fraction of the cost and without access to as many and as advanced of chips, though these claims are unverified. Hawley's statement called DeepSeek "a data-harvesting, low-cost AI model that sparked international concern and sent American technology stocks plummeting." Hawley's statement says the goal of the bill is to "prohibit the import from or export to China of artificial intelligence technology, "prohibit American companies from conducting AI research in China or in cooperation with Chinese companies," and "Prohibit U.S. companies from investing money in Chinese AI development."

The Department of Homeland Security's Inspector General has launched an audit of the TSA's use of facial recognition technology at U.S. airports following concerns from lawmakers and privacy advocates. The Register reports: Homeland Security Inspector General Joseph Cuffari notified a bipartisan group of US Senators who had asked for such an investigation last year that his office has announced an audit of TSA facial recognition technology in a letter [PDF] sent to the group Friday. "We have reviewed the concerns raised in your letter as part of our work planning process," said Cuffari, a Trump appointee who survived the recent purge of several Inspectors General. "[The audit] will determine the extent to which TSA's facial recognition and identification technologies enhance security screening to identify persons of interest and authenticate flight traveler information while protecting passenger privacy," Cuffari said.

The letter from the Homeland Security OIG was addressed to Senator Jeff Merkley (D-OR), who co-led the group of 12 Senators who asked for an inspection of TSA facial recognition in November last year. "Americans don't want a national surveillance state, but right now, more Americans than ever before are having their faces scanned at the airport without being able to exercise their right to opt-out," Merkley said in a statement accompanying Cuffari's letter. "I have long sounded the alarm about the TSA's expanding use of facial recognition ... I'll keep pushing for strong Congressional oversight."

[...] While Cuffari's office was light on details of what would be included in the audit, the November letter from the Senators was explicit in its list of requests. They asked for the systems to be evaluated via red team testing, with a specific investigation into effectiveness - whether it reduced screening delays, stopped known terrorists, led to workforce cuts, or amounted to little more than security theater with errors.

Android and Google Play have billions of users, Google wrote in its security blog this week. "However, like any flourishing ecosystem, it also attracts its share of bad actors... That's why every year, we continue to invest in more ways to protect our community." Google's tactics include industry-wide alliances, stronger privacy policies, and "AI-powered threat detection."

"As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps. " To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.
Starting in 2024 Google also "required apps to be more transparent about how they handle user information by launching new developer requirements and a new 'Data deletion' option for apps that support user accounts and data collection.... We're also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK."

And once an app is installed, "Google Play Protect, Android's built-in security protection, helps to shield their Android device by continuously scanning for malicious app behavior." Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code-level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect's real-time scanning identified more than 13 million new malicious apps from outside Google Play [based on Google Play Protect 2024 internal data]...

According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off... Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls...

Google Play Protect's enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers). Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect's enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

In 2023, Microsoft began including a free VPN feature in its "Microsoft Defender" security app for all Microsoft 365 subscribers ("Personal" and "Family"). Originally Microsoft had "called it a privacy protection feature," writes the blog Windows Central, "designed to let you access sensitive data on the web via a VPN tunnel." But.... Unfortunately, Microsoft has now announced that it's killing the feature later this month, only a couple of years after it first debuted...

To add insult to injury, this announcement comes just days after Microsoft increased subscription prices across the board. Both Personal and Family subscriptions went up by three dollars a month, which the company says is the first price hike Microsoft 365 has seen in over a decade. The increased price does now include Microsoft 365 Copilot, which adds AI features to Word, PowerPoint, Excel, and others.

However, it also comes with the removal of the free VPN in Microsoft Defender, which I've found to be much more useful so far.

Wednesday the Linux Foundation wrote that both "regulatory compliance" and "increased cybersecurity risk" were "creating burdens...that must be met" for open source communities.

And so, as Steven J. Vaughan-Nichols writes, "the Linux Foundation has released a comprehensive guide to help open source developers navigate the complex landscape of the U.S. Office of Foreign Assets Control (OFAC) sanctions..." These rules, aimed at achieving economic, foreign policy, and national security goals, apply to various interactions, including those in the open source community. The total Sanctions Programs and Country list amounts to over 17 thousand entries ranging from individuals to terrorist organizations to countries.

If that rings a bell, it's because, in October 2024, the Linux kernel developers ran right into this issue. The Linux kernel's leadership, including Greg Kroah-Hartman, the stable Linux kernel maintainer, and Linus Torvalds, Linux's founder, announced that eleven Russian kernel developers had been removed from their roles working on the Linux kernel. Why? Because, as Torvalds said, of "Russian sanctions." This, he added, in a Linux kernel mailing list (LKML) message was because "the 'various compliance requirements' are not just a US thing."

For developers, this means exercising caution about who they interact with and where their contributions originate. The sanctions target specific countries, regions, and individuals or organizations, many of which are listed on the Specially Designated Nationals and Blocked Persons (SDN) List... Most OFAC sanctions are exempted for "informational materials," which generally include open source code. However, this only applies to existing code and not to requests for new code or modifications. So, for example, working with a Russian developer on a code patch could land you in hot water... While reviewing unsolicited patches from contributors in sanctioned regions is generally acceptable, actively engaging them in discussions or improvements could cross legal boundaries... Developers are warned to be cautious of sanctioned entities attempting to contribute indirectly through third parties or developers acting "individually."
Countries currently sanctioned include:

• Russia
• Cuba
• Iran
• North Korea
• Syria
• The following regions of Ukraine: Crimea, Donetsk and Luhansk regions of the Ukraine.

The Linux Foundation had written that the OFAC sanctions rules are "strict liability" rules, "which means it does not matter whether you know about them or not. Violating these rules can lead to serious penalties, so it's important to understand how they might affect your open source work." But J. Vaughan-Nichols offers this quote from open source licensing attorney Heather Meeker.

"Let's be honest: Smaller companies usually ignore regulations like this because they just don't have the resources to analyze them, and a government usually ignores smaller companies because it doesn't have the resources to enforce against them. Big companies that are on the radar need specialized counsel."

Thursday America's FDA "raised concerns about cybersecurity vulnerabilities" in patient monitors from China-based medical device company Contec "that could allow unauthorized individuals to access and potentially manipulate those devices," reports Reuters. The patient monitors could be remotely controlled by unauthorized users or may not function as intended, and the network to which these devices are connected could be compromised, the agency warned. The FDA also said that once these devices are connected to the internet, they can collect patient data, including personally identifiable information and protected health information, and can export this data out of the healthcare delivery environment.

The agency, however, added that it is currently unaware of any cybersecurity incidents, injuries, or deaths related to these identified cybersecurity vulnerabilities.
The FDA's announcement says "The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised." And it offers this advice to caregivers and patients: If your health care provider confirms that your device relies on remote monitoring features, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

If your device does not rely on remote monitoring features, use only the local monitoring features of the patient monitor. This means unplugging the device's ethernet cable and disabling wireless (that is, WiFi or cellular) capabilities, so that patient vital signs are only observed by a caregiver or health care provider in the physical presence of a patient. If you cannot disable the wireless capabilities, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.
A detailed report from CISA describes how a research team "created a simulated network, created a fake patient profile, and connected a blood pressure cuff, SpO2 monitor, and ECG monitor peripherals to the patient monitor. Upon startup, the patient monitor successfully connected to the simulated IP address and immediately began streaming patient data..." to an IP address that hard-coded into the backdoor function. "Sensor data from the patient monitor is also transmitted to the IP address in the same manner. If the routine to connect to the hard-coded IP address and begin transmitting patient data is called, it will automatically initialize the eth0 interface in the same manner as the backdoor. This means that even if networking is not enabled on startup, running this routine will enable networking and thereby enable this functionality

An anonymous reader shared this report from Reuters: New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the Chinese artificial intelligence startup DeepSeek inadvertently exposed to the open internet. In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured.

Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.
Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.

"But this was so simple to find we believe we're not the only ones who found it."

SC World reports: A new phishing scam targeting mobile devices was observed using a "never-before-seen" obfuscation method to hide links to spoofed United States Postal Service (USPS) pages inside PDF files, [mobile security company] Zimperium reported Monday.

The method manipulates elements of the Portable Document Format (PDF) to make clickable URLs appear invisible to both the user and mobile security systems, which would normally extract links from PDFs by searching for the "/URI" tag. "Our researchers verified that this method enabled known malicious URLs within PDF files to bypass detection by several endpoint security solutions. In contrast, the same URLs were detected when the standard /URI tag was used," Zimperium Malware Researcher Fernando Ortega wrote in a blog post.

The attackers send the malicious PDFs via SMS text messages under the guise of providing instructions to retrieve a USPS package that failed to deliver... The phishing websites first displays a form for the victim provide their mailing address, email address and telephone number, and then asks for credit card information to pay a $0.30 "service fee" for redelivery of the supposed package... Zimperium identified more than 20 versions of the malicious PDF files and 630 phishing pages associated with the scam operation. The phishing pages were also found to support 50 languages, suggestion international targeting and possible use of a phishing kit.
"Users' trust in the PDF file format and the limited ability of mobile users to view information about a file prior to opening it increase the risk of such phishing campaigns, Zimperium noted."

Thanks to Slashdot reader spatwei for sharing the news.

"A jury may never see the gun that authorities say was used to kill Blake Story last year," reports Cleveland.com.

"That's because Cleveland police used a facial recognition program — one that explicitly says its results are not admissible in court — to obtain a search warrant, according to court documents." The search turned up what police say is the murder weapon in the suspect's home. But a Cuyahoga County judge tossed that evidence after siding with defense attorneys who argued that the search warrant affidavit was misleading and relied on inadmissible evidence. If an appeals court upholds the judge's ruling to suppress the evidence, prosecutors acknowledge their case is likely lost...

The company that produced the facial recognition report, Clearview AI, has been used in hundreds of law enforcement investigations throughout Ohio and has faced lawsuits over privacy violations.

Not only does Cleveland lack a policy governing the use of artificial intelligence, Ohio lawmakers also have failed to set standards for how police use the tool to investigate crimes. "It's the wild, wild west in Ohio," said Gary Daniels, a lobbyist for the American Civil Liberties Union. The lack of state regulation of how law enforcement uses advanced technologies — no laws similarly govern the use of drones or license plate readers — means it is essentially up to agencies how they use the tools.
The affidavit for the search warrant was signed by a 28-year police force veteran, according to the article — but it didn't disclose the use of Clearview's technology.

Clearview's report acknowledged their results were not admissible in court — but then provided the suspect's name, arrest record, Social Security number, according to the article, and "noted he was the most likely match for the person in the convenience store."

Thanks to tlhIngan (Slashdot reader #30,335) for sharing the news.

An anonymous reader shares a report: Taiwan's digital ministry said on Friday that government departments should not use Chinese startup DeepSeek's artificial intelligence (AI) service, saying that as the product is from China it represents a security concern.

Democratically-governed Taiwan has long been wary of Chinese tech given Beijing's sovereignty claims over the island and its military and political threats against the government in Taipei. In a statement, Taiwan's Ministry of Digital Affairs said that government departments are not allowed to use DeepSeek's AI service to "prevent information security risks".

"DeepSeek's AI service is a Chinese product, and its operation involves cross-border transmission and information leakage and other information security concerns, and is a product that jeopardises the country's information security," the ministry said.

The Register's Dan Robinson reports: Google promised a decade of updates for its Chromebooks in 2023 to stop them being binned so soon after purchase, but many are still set to reach the end of the road sooner than later. The appliance-like laptop devices were introduced by megacorp in 2011, running its Linux-based ChromeOS platform. They have been produced by a number of hardware vendors and proven popular with buyers such as students, thanks to their relatively low pricing. The initial devices were designed for a three-year lifespan, or at least this was the length of time Google was prepared to issue automatic updates to add new features and security fixes for the onboard software.

Google has extended this Auto Update Expiration (AUE) date over the years, prompted by irate users who purchased a Chromebook only to find that it had just a year or two of software updates left if that particular model had been on the market for a while. The latest extension came in September 2023, when the company promised ten years of automatic updates, following pressure from the US-based Public Interest Research Group (PIRG). The advocacy organization had recommended this move in its Chromebook Churn report, which criticized the devices as not being designed to last.

PIRG celebrated its success at the time, claiming that Google's decision to extend support would "save millions of dollars and prevent tons of e-waste from being disposed of." But Google's move actually meant that only Chromebooks released from 2021 onward would automatically get ten years of updates, starting in 2024. For a subset of older devices, an administrator (or someone with admin privileges) can opt in to enable extended updates and receive the full ten years of support, a spokesperson for the company told us. This, according to PIRG, still leaves many models set to reach end of life this year, or over the next several years. "According to my research, at least 15 Chromebook models have already expired across most of the top manufacturers (Google, Acer, Dell, HP, Samsung, Asus, and Lenovo). Models released before 2021 don't have the guaranteed ten years of updates, so more devices will continue to expire each year," Stephanie Markowitz, a Designed to Last Campaign Associate at PIRG, told The Register.

"In general, end-of-support dates for consumer tech like laptops act as 'slow death' dates," according to Markowitz. "The devices won't necessarily lose function immediately, but without security updates and bug patches, the device will eventually become incompatible with the most up-to-date software, and the device itself will no longer be secure against malware and other issues."

A full ist of end-of-life dates for Chromebook models can be viewed here.

An anonymous reader quotes a report from Ars Technica: On Thursday, OpenAI announced that it is deepening its ties with the US government through a partnership with the National Laboratories and expects to use AI to "supercharge" research across a wide range of fields to better serve the public. "This is the beginning of a new era, where AI will advance science, strengthen national security, and support US government initiatives," OpenAI said. The deal ensures that "approximately 15,000 scientists working across a wide range of disciplines to advance our understanding of nature and the universe" will have access to OpenAI's latest reasoning models, the announcement said.

For researchers from Los Alamos, Lawrence Livermore, and Sandia National Labs, access to "o1 or another o-series model" will be available on Venado -- an Nvidia supercomputer at Los Alamos that will become a "shared resource." Microsoft will help deploy the model, OpenAI noted. OpenAI suggested this access could propel major "breakthroughs in materials science, renewable energy, astrophysics," and other areas that Venado was "specifically designed" to advance. Key areas of focus for Venado's deployment of OpenAI's model include accelerating US global tech leadership, finding ways to treat and prevent disease, strengthening cybersecurity, protecting the US power grid, detecting natural and man-made threats "before they emerge," and " deepening our understanding of the forces that govern the universe," OpenAI said.

Perhaps among OpenAI's flashiest promises for the partnership, though, is helping the US achieve a "a new era of US energy leadership by unlocking the full potential of natural resources and revolutionizing the nation's energy infrastructure." That is urgently needed, as officials have warned that America's aging energy infrastructure is becoming increasingly unstable, threatening the country's health and welfare, and without efforts to stabilize it, the US economy could tank. But possibly the most "highly consequential" government use case for OpenAI's models will be supercharging research safeguarding national security, OpenAI indicated. "The Labs also lead a comprehensive program in nuclear security, focused on reducing the risk of nuclear war and securing nuclear materials and weapons worldwide," OpenAI noted. "Our partnership will support this work, with careful and selective review of use cases and consultations on AI safety from OpenAI researchers with security clearances." The announcement follows the launch earlier this week of ChatGPT Gov, "a new tailored version of ChatGPT designed to provide US government agencies with an additional way to access OpenAI's frontier models." It also worked with the Biden administration to voluntarily commit to give officials early access to its latest models for safety inspections.

India's IT minister on Thursday praised DeepSeek's progress and said the country will host the Chinese AI lab's large language models on domestic servers, in a rare opening for Chinese technology in India. From a report: "You have seen what DeepSeek has done -- $5.5 million and a very very powerful model," IT Minister Ashwini Vaishnaw said on Thursday, responding to criticism New Delhi has received for its own investment in AI, which has been much less than many other countries.

Since 2020, India has banned more than 300 apps and services linked to China, including TikTok and WeChat, citing national security concerns. The approval to allow DeepSeek to be hosted in India appears contingent on the platform storing and processing all Indian users' data domestically, in line with India's strict data localization requirements. [...] DeepSeek's models will likely be hosted on India's new AI Compute Facility. The facility is powered by 18,693 graphics processing units (GPUs), nearly double its initial target -- almost 13,000 of those are Nvidia H100 GPUs, and about 1,500 are Nvidia H200 GPUs.