DeepSeek Exposed User Data and API Keys in Open Database


Chinese AI startup DeepSeek left a publicly accessible database exposed, revealing user chat histories, API authentication keys, system logs, and other sensitive information, according to cloud security firm Wiz. Security researchers discovered the exposed database within “minutes,” as it required no authentication.

Massive Security Lapse in AI Startup

The exposed data was stored in an open-source data management system called ClickHouse and contained over 1 million log lines. Wiz warned that the exposure “allowed for full database control and potential privilege escalation within the DeepSeek environment,” posing a significant cybersecurity risk.

The security firm alerted DeepSeek about the issue, and the startup promptly secured the database. However, it remains unclear whether any unauthorized parties accessed the exposed data before it was locked down.

Concerns Over AI Model Development

Wiz researchers noted that DeepSeek’s system architecture closely resembles OpenAI’s, including API key formatting. Earlier this week, OpenAI accused DeepSeek of using its data to train AI models, adding further controversy to the Chinese AI company’s operations.

These security concerns highlight the challenges of safeguarding AI infrastructure, especially as competition between AI firms intensifies. The findings were first reported by Wired.
