Security researchers found a big hole in DeepSeek's security

The generative intelligence platform DeepSeek has set the world on fire this week, but with great popularity comes increased scrutiny. Analysts with Wiz Research have found a fairly substantial hole in the software’s security. The research shows that DeepSeek left one of its critical databases exposed.

This means that whoever came across the database would be allowed access to more than one million records, including user data, system logs, API keys and even prompt submissions. The researchers also noted that they were able to find the database almost immediately, without too much scanning or probing.

BREAKING: Internal #DeepSeek database publicly exposed 🚨

Wiz Research has discovered "DeepLeak" - a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs. pic.twitter.com/C7HZTKNO3p

— Wiz (@wiz_io) January 29, 2025

“Usually when we find this kind of exposure, it’s in some neglected service that takes us hours to find—hours of scanning,” Nir Ohfeld, the head of vulnerability research at Wiz, told Wired. But this time, he said, “here it was at the front door.”

Wiz Research says it’s possible that a nefarious actor could have used this security hole to access other DeepSeek systems, but the company admits it only performed the base minimum assessment. This was to confirm its findings without further compromising user privacy. There is also no evidence that anyone else found the database.

Wiz staffers didn’t exactly know how to disclose their findings, given that DeepSeek is both a new entity and based in China. Researchers eventually sent their findings to every email address and LinkedIn profile they could find. The database was locked down within 30 minutes of the mass email.

DeepSeek isn’t the only AI company that has experienced a serious security breach (or two.) A hacker was able to access OpenAI’s internal messaging logs back in 2023 and a bug exposed personal information later that year.

“AI is the new frontier in everything related to technology and cybersecurity,” Ohfeld said. “Still we see the same old vulnerabilities like databases left open on the internet.”

As previously mentioned, DeepSeek took the world by storm in the past week or so. The disruptive AI model was allegedly created for just several million dollars. OpenAI runs through billions of dollars each year. This massive financial discrepancy sent the stock market into a tailspin, with many AI-adjacent stocks taking a plunge.

This article originally appeared on Engadget at https://www.engadget.com/ai/security-researchers-found-a-big-hole-in-deepseeks-security-163536961.html?src=rss https://www.engadget.com/ai/security-researchers-found-a-big-hole-in-deepseeks-security-163536961.html?src=rss
Creato 6d | 30 gen 2025, 18:10:09


Accedi per aggiungere un commento

Altri post in questo gruppo

Reddit blames 'bug' after banning more than 90 NSFW subreddits

Reddit briefly banned dozens of subreddits without warning on Wednesday due to a “bug” that affected scores of NSFW communities on the site. Redditors were told the subreddits were banned for being

6 feb 2025, 00:40:06 | Engadget
Google is reportedly changing course on its diversity initiatives, too

Google is changing its tune around efforts to hire employees from historically underrepresented backgrounds, according to

6 feb 2025, 00:40:05 | Engadget
Sonos will cut 'about 200' jobs in restructuring

Sonos is embarking on a restructuring plan that will eliminate about 200 positions at the company. Interim CEO Tom Conrad announced the news in a call with the team, then shared the news in a publi

6 feb 2025, 00:40:03 | Engadget
Apple's M2 MacBook Air drops to $800

The M2 MacBook Air is on sale

5 feb 2025, 22:20:19 | Engadget
ChatGPT Search no longer requires an OpenAI account to use

OpenAI is showing no signs of slowing down its recent pace of updates. On Wednesday, the company announced the

5 feb 2025, 22:20:17 | Engadget