Chinese artificial intelligence company DeepSeek left a critical database publicly accessible, exposing over 1 million records including user prompts, system logs, and API authentication tokens, Wired reports.
Researchers from cloud security firm Wiz discovered the issue and attempted to contact DeepSeek through multiple channels. The database was secured within 30 minutes, but it could not be determined whether unauthorized parties accessed the data before then. The exposed database appeared to be a ClickHouse instance, typically used for server analytics, and contained logs of user interactions and authentication credentials. Security experts noted that such an oversight suggests DeepSeek lacks the maturity to handle sensitive data securely.
The discovery raises concerns as DeepSeek gains global traction, rivaling OpenAI and prompting scrutiny from regulators and governments. Meanwhile, Italy’s data protection authority has questioned DeepSeek’s handling of personal data, and the US Navy has warned personnel against using the service due to security risks. OpenAI is reportedly investigating whether DeepSeek trained its models using ChatGPT outputs. Security experts warn that AI firms must improve cybersecurity as their rapid expansion is beset by familiar vulnerabilities.