Chinese AI startup DeepSeek left critical user data and internal secrets unprotected, raising alarms over security risks in the AI industry.
A New York-based cybersecurity firm, Wiz, has uncovered a critical security lapse at DeepSeek, a rising Chinese AI startup, revealing a cache of sensitive data openly accessible on the internet.
According to a report published by Wiz, the exposed data included over a million lines of log entries, digital software keys, backend details, and user chat history from DeepSeek’s AI assistant. The firm’s researchers found that DeepSeek had inadvertently left an unsecured ClickHouse database accessible online, raising significant security concerns for enterprises and governments globally.
Wiz Chief Technology Officer Ami Luttwak confirmed in a blog post that DeepSeek swiftly acted to secure the database after being alerted.
“They took it down in less than an hour,” Luttwak stated in the blog post. “But this was so simple to find, we believe we’re not the only ones who found it.”
The security breach comes at a time when DeepSeek has been making headlines for its AI advancements, particularly with its DeepSeek-R1 reasoning model, which has been hailed as a cost-effective alternative to leading US-based AI solutions. However, this incident underscores a major concern for enterprises adopting AI—data security and the risks associated with rapid AI deployment.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!