DeepSeek AI has stunned markets by developing a model with fewer resources than its U.S. counterparts, raising eyebrows among investors and governments alike.

Its R1 model is reasoning-centric, cost-efficient, and open source, making it an attractive option for enterprises looking to integrate AI into their operations.

However, it also introduces a new and often-overlooked risk: the sovereignty of AI models.

For CIOs and CTOs, this is an issue that is both obvious and urgent.

Sovereignty concerns already shape decisions in cloud computing and data governance, yet AI remains a grey area.

While businesses rigorously assess the security and compliance of their cloud vendors, few are looking under the hood of their AI-powered SaaS and software tools to examine which models are being used, where they come from, and what risks they carry.

The question is no longer just about AI adoption, but whether organisations are choosing models that align with their risk and compliance frameworks.

In today’s interconnected yet geopolitically tense world, the provenance of technology holds strategic importance.

Governments are increasingly scrutinising the origins of AI models, questioning whether foreign-developed AI could pose national security risks.

At the same time, the concept of AI nationalism is emerging, where AI is viewed as a critical strategic asset, much like oil or semiconductors.

This shift reflects a broader trend in which nations seek to assert control over their technological ecosystems, raising new concerns for enterprises integrating AI into their operations.

 

A Growing Concern for CIOs and CISOs

According to a 2024 ADAPT survey of 125 Cloud and Infrastructure leaders, 60% of organisations looking to use or pilot LLMs plan to primarily consume off-the-shelf models through SaaS providers.

Some of this usage includes integrating APIs into existing workflows and fine-tuning models on internal knowledge bases.

Yet, while these solutions may be convenient, they also introduce risks related to the unknown assumptions embedded within these AI models and their potential future behaviours.

DeepSeek AI, as a Chinese-developed model, exemplifies both the promise and the challenge.

While open-source models can be transported into private clouds without direct vendor dependencies, the real concern lies in understanding how these models were developed, what biases or assumptions they contain, and how they might behave when granted ‘agency’—the ability to make autonomous decisions or interact dynamically as AI agents.

The days of treating AI as a neutral, borderless technology are over.

Companies are now expected to scrutinise their tech stack not just for performance and cost-effectiveness, but for the underlying logic and intent driving these systems.

ADAPT’s Security Edge Surveys from April and October 2024 reveal that among 140 leading Australian CISOs, data security risks and third-party risks rank as the second and third highest security threats this year—well ahead of state-sponsored threat actors, which rank ninth.

This highlights the growing importance of understanding where AI models originate, how they handle data, and whether they align with organisational security requirements.

The consequences of ignoring this debate are already playing out.

Governments are taking a harder line on foreign technology providers, particularly in critical infrastructure and financial services.

Some organisations are adopting internal policies to screen for AI model origins, ensuring their stack aligns with compliance and risk management frameworks.

But this raises a difficult question: if the most cost-effective and innovative AI comes from jurisdictions with regulatory or political concerns, does rejecting these models put businesses at a disadvantage?

DeepSeek AI’s promise of accessible, reasoning-driven technology is undeniable.

Models like the R1 hold transformative potential, from optimising supply chains to enhancing customer engagement.

But they also challenge CIOs and CTOs to adopt a more strategic lens, weighing risks alongside benefits.

In the same ADAPT survey, only 3% of CISOs rated their organisations as mature in protecting intellectual property, and just 2% reported maturity in controlling data leakage.

This underscores the reality that AI-related risks are already under-addressed—even before factoring in the challenges of AI sovereignty.

 

Cloud Sovereignty as a Precedent for AI Sovereignty

The issue of AI sovereignty is not happening in a vacuum.

A year earlier, in 2023, 60% of Cloud and Infrastructure leaders stated that sovereignty was important when choosing cloud vendors.

Across both 2023 and 2024, security features remained the most important criterion for evaluating infrastructure vendors.

These insights suggest that CIOs and CTOs already recognise the importance of sovereignty in cloud computing.

The next logical step is to extend this thinking to AI models.

If sovereignty and security concerns influence decisions around cloud providers, why shouldn’t the same level of scrutiny be applied to AI solutions?

So, how can CIOs and CTOs ensure they are looking under the hood of their AI-powered SaaS and software products?

The first step is transparency—demanding that vendors disclose which models power their solutions and where they were developed.

Organisations should also conduct AI audits, assessing sovereignty risks alongside traditional cybersecurity factors.

Finally, firms must build internal policies that align AI procurement with broader governance, security, and compliance standards.

While DeepSeek offers a robust tool with a low-cost structure, the need for organisations to be secure and trusted will potentially trump any cost-saving advantages.

The AI landscape is shifting, and as organisations move deeper into an era of AI nationalism, they must weigh the long-term implications of their choices.

AI is no longer just a tool—it’s a decision about the future of your business.

The question is no longer whether your organisation should adopt AI, but which AI you are willing to trust.

Contributors
Gabby Fredkin Head of Analytics & Insights at ADAPT
As the Head of Analytics and Insights at ADAPT, Gabby Fredkin’s primary role is managing analysis to produce ADAPT’s actionable insights to... More

As the Head of Analytics and Insights at ADAPT, Gabby Fredkin’s primary role is managing analysis to produce ADAPT’s actionable insights to identify trends supporting organisations in Australia.

With a passion for creating stories with data, Gabby is consistently rated as one of the top speakers at ADAPT’s events. In roundtable discussions, he specialises in using statistics to initiate thought-provoking discussions, enabling ADAPT’s customers to become more data-driven.​

Using modern data science techniques, he provides ADAPT and its customers with confidence in the accuracy and validity of the information used for ADAPT’s research, advisory and events.

Working across artificial intelligence, machine learning, AI ethics, DevSecOps, end-user behaviour, and human-centred design, Gabby’s vast experience continues to grow, supported in part by a Master of Business Analytics from Deakin University.

Less
Dr. Michael G. Kollo Director of AI at ADAPT
Dr. Michael G. Kollo is recognised as an accomplished executive leader and educator within the realm of artificial intelligence’s significance in business... More

Dr. Michael G. Kollo is recognised as an accomplished executive leader and educator within the realm of artificial intelligence’s significance in business strategy and product development across various sectors including financial services, technology, and public services. Holding a portfolio of leadership roles, Michael has contributed his expertise to renowned institutional investors such as Blackrock, Fidelity, Renaissance Asset Management, Axa Investment Managers, and HESTA. Additionally, he served as a non-executive director for Clime Investment Managers, an ASX-listed entity.

In the entrepreneurial sphere, Michael has been involved with AI and software companies, notably as a key figure at Faethm Pty, an Australian AI software company that was acquired by Pearsons in 2021, and at the Blockchain company Clanz. Beyond entrepreneurship, he actively participates in mentoring and supporting fintech and cybertech startup ecosystems in London and Australia.

In the realm of academia, Michael boasts a PhD in Finance from the London School of Economics, coupled with extensive lecturing experience at esteemed institutions such as the LSE and Imperial College. He has also been invited as a speaker at TedX events, focusing on the responsible utilisation of AI. With publications addressing machine learning’s application in investment management and contributions to the World Economic Forum’s AI/Fintech panel, Michael’s expertise is widely recognised. Moreover, he has cultivated a global audience through educational podcasts like “Curious Quant.”

As well as Director of AI at ADAPT, Michael is also the CEO of Evolved AI, a distinguished executive education and software development firm dedicated to empowering individuals through effective and responsible AI usage, thereby fostering resilient, transparent, and rapidly evolving enterprises.

Less
modernisation data transformation