diff --git a/libs/partners/deepseek/langchain_deepseek/chat_models.py b/libs/partners/deepseek/langchain_deepseek/chat_models.py
index ad5e77b6d02..e4618c06baa 100644
--- a/libs/partners/deepseek/langchain_deepseek/chat_models.py
+++ b/libs/partners/deepseek/langchain_deepseek/chat_models.py
@@ -6,6 +6,7 @@ import json
 from collections.abc import Callable, Iterator, Sequence
 from json import JSONDecodeError
 from typing import Any, Literal, TypeAlias, cast
+from urllib.parse import urlparse
 
 import openai
 from langchain_core.callbacks import (
@@ -197,7 +198,8 @@ class ChatDeepSeek(BaseChatOpenAI):
     @property
     def _is_azure_endpoint(self) -> bool:
         """Check if the configured endpoint is an Azure deployment."""
-        return "azure.com" in (self.api_base or "").lower()
+        hostname = urlparse(self.api_base or "").hostname or ""
+        return hostname == "azure.com" or hostname.endswith(".azure.com")
 
     @property
     def _llm_type(self) -> str:
diff --git a/libs/partners/deepseek/tests/unit_tests/test_chat_models.py b/libs/partners/deepseek/tests/unit_tests/test_chat_models.py
index b1129552f8f..7822017a244 100644
--- a/libs/partners/deepseek/tests/unit_tests/test_chat_models.py
+++ b/libs/partners/deepseek/tests/unit_tests/test_chat_models.py
@@ -348,6 +348,9 @@ class TestChatDeepSeekAzureToolChoice:
             DEFAULT_API_BASE,
             "https://api.openai.com/v1",
             "https://custom-endpoint.com/api",
+            "https://evil-azure.com/v1",  # hostname bypass attempt
+            "https://notazure.com.evil.com/",  # subdomain bypass attempt
+            "https://example.com/azure.com",  # path bypass attempt
         ]
         for endpoint in non_azure_endpoints:
             llm = ChatDeepSeek(