Researchers from Wiz Research have uncovered a publicly accessible database belonging to DeepSeek, a Chinese AI startup. This exposure has raised serious concerns regarding the handling of sensitive user data, as the database contained a wealth of confidential information, including chat histories and secret keys.
The Wiz Research team conducted an assessment of DeepSeek’s external security posture and quickly identified a ClickHouse database that was left open to the public without any authentication. This database was hosted on DeepSeek’s domains and allowed full control over its operations, meaning that anyone who discovered it could not only view but also manipulate the data within it.
Upon investigation, the researchers found that the database contained over one million log entries. These entries included detailed records of user interactions with DeepSeek’s AI services, known as chat histories. Additionally, the database housed sensitive credentials in the form of API keys, which could potentially grant unauthorized access to DeepSeek’s internal systems. Furthermore, it contained backend operational details that provided insights into how DeepSeek’s services functioned, as well as operational metadata that offered further understanding of the AI services provided by DeepSeek.
Alex Stamos, chief information security officer at SentinelOne, remarked to Economy Middle East, “DeepSeek is not the last AI Lab that’ll come out of China, and U.S. universities and companies should be extremely paranoid with their security to ensure they’re not losing their innovation edge.”
What are the implications of the breach?
The implications of this breach are profound, particularly as DeepSeek has been gaining traction in the AI sector with its innovative models, such as the DeepSeek-R1, which competes with established systems like OpenAI’s offerings. The exposure of such sensitive data not only jeopardizes the security of DeepSeek’s infrastructure but also poses risks to its users, who may have unknowingly shared personal information through the platform.
The researchers noted that unusual open ports led them to the exposed ClickHouse database. ClickHouse is commonly used for processing large datasets and is known for its efficiency in real-time data analytics. Because no authentication was in place, however, the database was a critical exposure that malicious actors could have exploited.
“We should expect wave after wave of rapid advances in AI capabilities in the coming months and years. AI is accelerating and as efficiencies improve, uptake will increase and use cases will explode. And for every legit use case, there’s a matching malicious use case. For users of AI, consumers and enterprises should, when it comes to AI of Chinese provenance, take a ‘buyer beware’ approach. Cheap prices and fast technology might be tempting but the security and data loss risks are real for individuals and enterprises,” Stamos further noted.
Response from DeepSeek
Following the discovery, Wiz Research promptly reported the issue to DeepSeek, which took immediate action to secure the exposed database. This incident highlights a growing trend among AI startups, where rapid development and deployment of technology often overshadow fundamental security practices. As AI applications become increasingly integrated into various sectors, the need for robust security measures becomes paramount.
The bigger picture
This incident serves as a stark reminder of the vulnerabilities that can arise in the fast-paced world of AI development. While discussions around AI security often focus on futuristic threats, the reality is that many risks stem from basic oversights, such as unprotected databases. As companies rush to adopt AI technologies, they must prioritize data security and collaborate closely with cybersecurity teams to mitigate potential risks.
Moreover, the breach raises questions about the broader implications for user privacy and data protection, especially in light of increasing regulatory scrutiny on AI applications. The European Union’s forthcoming Artificial Intelligence Act aims to enforce stringent regulations on AI technologies, emphasizing the importance of compliance with data protection standards.
Rob T. Lee, chief of research at SANS Institute, told Economy Middle East, “This incident highlights a fundamental issue: AI development continues to sideline security. DeepSeek should be a wake-up call. The broader industry needs to move beyond seeing security as an afterthought and start integrating cybersecurity at the model design phase. If AI companies don’t address these gaps, we’re going to see these attacks repeat at scale.
“On top of that, DeepSeek’s approach to data privacy is a problem. Unlike OpenAI – which, while imperfect, has a stronger commitment to privacy and anonymization – DeepSeek collects and indefinitely stores massive amounts of user data in China, without clear anonymization measures. That’s a significant risk, not just from a security standpoint but in terms of potential data misuse, regulatory concerns, and overall trust in AI systems,” Lee highlighted.
Vigilance against vulnerabilities
The exposure of DeepSeek’s database underscores the critical need for AI companies to adopt comprehensive security frameworks that can safeguard sensitive user data. As the industry continues to evolve, it is essential for organizations to remain vigilant and proactive in addressing security vulnerabilities. The rapid adoption of AI technologies should not come at the expense of user trust and data integrity.
In conclusion, as AI becomes an integral part of our daily lives, the responsibility lies with developers and companies to ensure that robust security measures are in place to protect user data from potential breaches.