Major Security Flaw Discovered in DeepSeek

Security researchers have identified a significant vulnerability in DeepSeek's protection system, potentially compromising its users' data security.
DeepSeek, the Buzzworthy AI Platform, Faces Security Scrutiny
DeepSeek, the generative intelligence platform making headlines this week, has also caught the eye of cybersecurity analysts. Wiz Research, a cybersecurity firm, has uncovered a significant security vulnerability within the software.
Security Flaw Exposes Over a Million Sensitive Records
Wiz Research found that a critical database of DeepSeek was easily accessible online. This database contained over a million sensitive entries, including user information, system logs, API keys, and even prompt submissions. The researchers noted the database was surprisingly easy to locate.
Nir Ohfeld, head of vulnerability research at Wiz, told Wired, “Usually, such exposures are found in neglected services that take us hours to uncover. But this was right at the front door.”
Security Gap Swiftly Sealed Following Disclosure
Unsure how to proceed with a newly based entity in China, Wiz researchers contacted every email and LinkedIn profile they could find. Within 30 minutes of their mass email, the database was secured. Despite the breach, the prompt response by DeepSeek demonstrates operational efficiency, though the need for a mass email highlights a lack of ongoing security monitoring.
Security Vulnerabilities: A Persistent Challenge in AI
DeepSeek is not alone in facing significant AI-related security breaches. In 2023, a hacker accessed OpenAI’s internal messaging logs, and a bug later exposed personal data. “Vulnerabilities like databases left open on the internet remain a reality in the evolving world of AI technology and cybersecurity,” Ohfeld remarked.