Security researchers find a big security hole in DeepSeek

DeepSeek, a generative AI platform, made a splash this week, but with great popularity comes increased attention. Analysts from Wiz Research have discovered a significant security gap in the software. The research showed that DeepSeek left one of its critical databases unprotected.

This means that anyone who stumbled upon the database would have had access to more than one million records, including user data, system logs, API keys, and even prompt submissions. The researchers also noted that they were able to find the database almost immediately, without much scanning or probing.

“Usually, when we find vulnerabilities like this, they’re in some neglected service that we spend hours and hours scanning to find,” Nir Ohfeld, head of vulnerability research at Wiz, told Wired. But this time, he said, “it was at the front door.”

Wiz Research says it’s possible that an attacker could have exploited this security hole to access other DeepSeek systems, but the company admits that it only conducted a basic, minimal assessment. This was done to confirm its findings without further compromising user privacy. There is also no evidence that anyone else found the database.

Wiz employees were unsure how to disclose their findings, given that DeepSeek is a new company and is based in China. In the end, the researchers sent their findings to all the email addresses and LinkedIn profiles they could find. The database was locked down within 30 minutes of the mass mailing.

DeepSeek is not the only AI company that has faced a major security breach (or even two). A hacker was able to access OpenAI’s internal message logs back in 2023, and later that year, a bug led to the leak of personal information.

“AI is a new frontier in everything related to technology and cybersecurity,” said Ohfeld. “However, we see the same old vulnerabilities, such as open databases on the Internet.”

As mentioned earlier, DeepSeek has taken the world by storm over the past week or so. The breakthrough artificial intelligence model was allegedly created for just a few million dollars. OpenAI spends billions of dollars every year. This huge financial discrepancy led to a stock market plunge, and many shares of AI-related companies plummeted in value.
