US cybersecurity firm finds DeepSeek data exposed on open internet
Finding highlights data privacy risk
Exposed data appeared to capture prompts being sent from users to the company's free AI assistant.
New York-based cybersecurity firm Wiz found a database containing sensitive data from the Chinese AI company DeepSeek, unsecured, on the open internet.
In a blog post, Wiz said that the million lines of code it found when scanning DeepSeek’s infrastructure included data exposing the origin of log requests, containing chat history, API keys, directory structures and chatbot metadata logs.
Wiz also said in the post that the exposure allowed for “full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defence mechanism to the outside world.”
Reuters reports that DeepSeek secured the data soon after Wiz alerted them.
"They took it down in less than an hour," Wiz CTO Ami Luttwak said. "But this was so simple to find we believe we're not the only ones who found it."
DeepSeek has yet to comment publicly on the discovery.
DeepSeek was hit by a cyberattack on its platform earlier this week. Millions of new users and downloads have made the company and its data a much bigger target. Experts have urged caution with DeepSeek, noting that the privacy policy acknowledges that user data is collected. That data could be shared with anyone – or any authority.
The phenomenal success of DeepSeek’s AI assistant, which is still the most popular app in Apple’s App Store, has sparked concern among tech investors. Investors are troubled by the Chinese company’s apparent ability to develop an AI assistant on a par with ChatGPT but for a fraction of the price and using a fraction of the resources that US companies have expended. OpenAI has raised a great deal of money insisting that scale is a prerequisite of LLM success. DeepSeek has cast doubt on that argument.
The most recent development is OpenAI complaining that DeepSeek may have developed its LLM by distilling OpenAI’s data.