US AI Export Controls Backfire as China's DeepSeek Raises $7.4B and Labs Cut Prices 99%

Four days after the US Commerce Department restricted foreign access to Anthropic's frontier models, the geopolitical and market fallout is accelerating. Cohere's chief AI officer reports a flood of inbounds from governments outside the US and China, scrambling for AI that can't be revoked by a Washington order. DeepSeek sealed its first external funding round — $7.4B from Tencent, CATL, NetEase, and JD — at a valuation north of $50B, marking a six-fold jump since April. The round includes a state-backed fund with sole voting rights, and founder Liang Wenfeng personally contributed $2.7B. To compete, ByteDance, Tencent, MiniMax, Xiaomi, and Alibaba slashed token prices up to 99%, with Xiaomi's MiMo V2.5 dropping to near zero. The export control intended to starve adversaries is instead handing them a low-cost on-ramp and a compelling reason to switch.

Simultaneously, the AI supply chain is under active attack. Attackers hijacked a former Mastra contributor's still-active npm credentials and published 144 poisoned packages within 88 minutes, each carrying a crypto-stealing RAT. Because Mastra is an AI-agent framework that integrates with cloud credentials, every build environment that pulled these packages should be treated as compromised. Separately, security firm Aikido discovered 15 malicious JetBrains plugins on the official marketplace, masquerading as integrations for DeepSeek, OpenAI, and SiliconFlow. Two of these plugins each had over 25,000 downloads and quietly exfiltrated AI-provider API keys. Together, these incidents expose a widening attack surface where the tools developers use to access AI are now the vector for credential theft.