The generative intelligence platform DeepSeek has set the world on fire this week, but with great popularity comes increased scrutiny. Analysts with Wiz Research have found a fairly substantial hole in the software’s security. The research shows that DeepSeek left one of its critical databases exposed.
This means that whoever came across the database would be allowed access to more than one million records, including user data, system logs, API keys and even prompt submissions. The researchers also noted that they were able to find the database almost immediately, without too much scanning or probing.
BREAKING: Internal #DeepSeek database publicly exposed 🚨
— Wiz (@wiz_io) January 29, 2025
Wiz Research has discovered "DeepLeak" - a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs. pic.twitter.com/C7HZTKNO3p
“Usually when we find this kind of exposure, it’s in some neglected service that takes us hours to find—hours of scanning,” Nir Ohfeld, the head of vulnerability research at Wiz, told Wired. But this time, he said, “here it was at the front door.”
Wiz Research says it’s possible that a nefarious actor could have used this security hole to access other DeepSeek systems, but the company admits it only performed the base minimum assessment. This was to confirm its findings without further compromising user privacy. There is also no evidence that anyone else found the database.
Wiz staffers didn’t exactly know how to disclose their findings, given that DeepSeek is both a new entity and based in China. Researchers eventually sent their findings to every email address and LinkedIn profile they could find. The database was locked down within 30 minutes of the mass email.
DeepSeek isn’t the only AI company that has experienced a serious security breach (or two.) A hacker was able to access OpenAI’s internal messaging logs back in 2023 and a bug exposed personal information later that year.
“AI is the new frontier in everything related to technology and cybersecurity,” Ohfeld said. “Still we see the same old vulnerabilities like databases left open on the internet.”
As previously mentioned, DeepSeek took the world by storm in the past week or so. The disruptive AI model was allegedly created for just several million dollars. OpenAI runs through billions of dollars each year. This massive financial discrepancy sent the stock market into a tailspin, with many AI-adjacent stocks taking a plunge.
This article originally appeared on Engadget at https://www.engadget.com/ai/security-researchers-found-a-big-hole-in-deepseeks-security-163536961.html?src=rss https://www.engadget.com/ai/security-researchers-found-a-big-hole-in-deepseeks-security-163536961.html?src=rssAutentifică-te pentru a adăuga comentarii
Alte posturi din acest grup
After months of Retroid Pocket Mini buyers reporting issues with the appearance of games when using shaders, Retroid has opened a new return window for people seeking a refund. But there are limita
It may be a while still before we see the smart home hub Apple is rumored to be working on. According to Bloomberg’s Mark Gurman, the company has postponed the announcement of the upcoming
Nintendo added an absolute gem to its Switch Online library of classic titles this week: the 1994 Game Boy game, Donkey Kong. The beloved game arrives alongside the 1995 puzzle game, M
These are the new releases that belong on your reading list. This week, we've got a haunting novel from Charlotte McConaghy that blends mystery with environmental thriller, and a comic mini-ser
