DeepSeek AI Exposes Sensitive Data Amid Security Oversight

Emerging Chinese AI startup DeepSeek, which has recently surged in popularity for its open-source AI models, inadvertently left one of its databases exposed on the internet, potentially allowing unauthorized access to sensitive internal data.

According to Wiz security researcher Gal Nagli, the ClickHouse database was publicly accessible and permitted full administrative control, meaning attackers could execute arbitrary database operations and access chat logs, secret keys, API credentials, backend details, and operational metadata.

Unsecured Database Puts AI Infrastructure at Risk

The exposed database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, required no authentication, opening the door for privilege escalation and unauthorized control of DeepSeek’s backend systems. Malicious actors could have exploited ClickHouse’s HTTP interface to run SQL queries directly from a browser.
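The misconfiguration described above can be caught before deployment by auditing the server's own configuration files. The following sketch is an added example, not code from the article, Wiz, or DeepSeek; it assumes ClickHouse's standard users.xml and config.xml element names, and the sample configs and finding labels are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not DeepSeek's): passwordless user, open network, wildcard bind.
SAMPLE_USERS_XML = """<clickhouse><users>
  <default><password></password><networks><ip>::/0</ip></networks></default>
  <etl><password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
       <networks><ip>10.0.0.0/8</ip></networks></etl>
</users></clickhouse>"""
SAMPLE_CONFIG_XML = """<clickhouse><listen_host>::</listen_host>
  <http_port>8123</http_port><tcp_port>9000</tcp_port></clickhouse>"""

CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
EXTERNAL_AUTH_TAGS = ("ldap", "kerberos", "ssl_certificates")
WILDCARD_HOSTS = {"::", "0.0.0.0"}

def has_credential(user):
    """True if the user has a non-empty password/hash or external authentication."""
    if any((user.findtext(tag) or "").strip() for tag in CREDENTIAL_TAGS):
        return True
    return any(user.find(tag) is not None for tag in EXTERNAL_AUTH_TAGS)

def open_to_any_address(user):
    """True if any <networks><ip> entry is a /0 range (matches every client)."""
    for entry in user.findall("networks/ip"):
        try:
            net = ipaddress.ip_network((entry.text or "").strip(), strict=False)
        except ValueError:
            continue  # not an IP/CIDR literal; ignore
        if net.prefixlen == 0:
            return True
    return False

def audit(users_xml, config_xml):
    """Return findings for wildcard listeners and users without credentials."""
    findings = []
    cfg = ET.fromstring(config_xml)
    hosts = sorted({(h.text or "").strip() for h in cfg.findall("listen_host")} & WILDCARD_HOSTS)
    if hosts:
        ports = {t: cfg.findtext(t) for t in ("http_port", "tcp_port") if cfg.findtext(t)}
        findings.append(("listen_all_interfaces", ",".join(hosts), ports))
    for user in ET.fromstring(users_xml).findall("users/*"):
        if not has_credential(user):
            scope = "any_address" if open_to_any_address(user) else "restricted"
            findings.append(("no_credential", user.tag, scope))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_USERS_XML, SAMPLE_CONFIG_XML))
```

A finding of `no_credential` with scope `any_address` on a server that also reports `listen_all_interfaces` is the combination that leaves a database usable by anyone who can reach it.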

While DeepSeek has since closed the security loophole after being alerted by Wiz, it remains unclear whether bad actors had already accessed or downloaded the data before the issue was fixed.

"The rapid adoption of AI services without adequate security measures poses a significant risk," Nagli noted. "While much of the AI security discourse focuses on futuristic threats, the real dangers often stem from basic oversights—such as accidentally exposing a database."

DeepSeek’s Meteoric Rise and Mounting Scrutiny

DeepSeek has gained widespread attention for its AI models, with its reasoning model R1 being dubbed “AI’s Sputnik moment.” Its chatbot has topped app store rankings across multiple markets. However, this growth has also attracted cyberattacks, forcing the company to temporarily pause new user registrations.

Meanwhile, DeepSeek is also facing regulatory scrutiny:

  • Italy’s data protection watchdog (Garante) requested details on its data handling practices, leading to the company’s apps becoming unavailable in the country.
  • Ireland’s Data Protection Commission (DPC) has launched a similar inquiry.
  • US national security concerns have been raised over DeepSeek’s Chinese origins.

Additionally, OpenAI and Microsoft are investigating whether DeepSeek used OpenAI’s API outputs without permission to train its models—a controversial practice known as distillation.

An OpenAI spokesperson told The Guardian, "We know that groups in China are actively working to replicate advanced US AI models through distillation and other means."

Security Lessons from the DeepSeek Breach

DeepSeek’s data exposure highlights a broader problem in AI security: rapid innovation often outpaces proper cybersecurity protocols. For AI firms, protecting user data should be paramount, requiring close collaboration between security teams and AI engineers to prevent future data leaks and unauthorized access.