Chinese AI startup DeepSeek left critical user data and internal secrets unprotected, raising alarms over security risks in the AI industry.
A New York-based cybersecurity firm, Wiz, has uncovered a critical security lapse at DeepSeek, a rising Chinese AI startup, revealing a cache of sensitive data openly accessible on the internet.
According to a report published by Wiz, the exposed data included over a million lines of log entries, digital software keys, backend details, and user chat history from DeepSeek’s AI assistant. The firm’s researchers found that DeepSeek had inadvertently left an unsecured ClickHouse database accessible online, raising significant security concerns for enterprises and governments globally.
Wiz Chief Technology Officer Ami Luttwak confirmed in a blog post that DeepSeek swiftly acted to secure the database after being alerted.
“They took it down in less than an hour,” Luttwak stated in the blog post. “But this was so simple to find, we believe we’re not the only ones who found it.”
The security breach comes at a time when DeepSeek has been making headlines for its AI advancements, particularly with its DeepSeek-R1 reasoning model, which has been hailed as a cost-effective alternative to leading US-based AI solutions. However, this incident underscores a major concern for enterprises adopting AI—data security and the risks associated with rapid AI deployment.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
In recent years, CISOs have often felt that their board of directors did not take them seriously. This key issue for cybersecurity, however, is turning around, with 82% of CISOs now reporting directly to their CEOs, versus 47% in 2023, according to a survey by Splunk.
Splunk’s report, which surveyed 500 CISOs, CSOs, and similar security officers, as well as 100 board members, found that 83% of CISOs now attend board meetings relatively often or most of the time.
Important as well to the security of the enterprise is having someone with cybersecurity background on the board itself, as 60% of respondents acknowledged. There, however, companies have a ways to go, with only 29% of CISOs saying their companies someone with cybersecurity expertise on the board.
According to the study, board members with a CISO background have closer relationships with security teams, place more trust in the company’s security measures, and are far less likely (37%) to express concerns that not enough is being done to protect the company.
The study also shows that CISOs who have strong relationships with the board also report better collaboration throughout the company, including stronger partnerships with IT operations and engineering teams than do CISOs who do not have strong relationships with the board (74% vs. 63%).
CISOs with good relationships with the board are also more likely to have the opportunity to pursue generative AI use cases, such as creating rules for threat detection (43% vs. 31%), analyzing data sources (45% vs. 28%), incident response and forensic investigations (42% vs. 29%), or proactive threat hunting (46% vs. 28%).
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3810947/cisos-move-closer-to-the-management-board.html