Wiz uncovers major DeepSeek data exposure
Wiz uncovers major DeepSeek data exposure
The Chinese AI startup left sensitive information unsecured, raising concerns over AI security risks.
A trove of sensitive data from Chinese artificial intelligence startup DeepSeek was inadvertently exposed to the open internet, cybersecurity firm Wiz revealed on Wednesday. The breach, which included over a million lines of data, underscores the growing security risks associated with the rapid adoption of AI technologies.
According to Wiz, DeepSeek had left a publicly accessible database unprotected, exposing digital software keys, backend operational details, and chat logs containing user prompts from its AI assistant. The discovery was made by Wiz’s research team during a routine scan of DeepSeek’s infrastructure. The firm promptly notified the AI startup, which secured the data within an hour.
“They took it down in less than an hour,” said Ami Luttwak, Wiz’s chief technology officer. “But this was so simple to find that we believe we’re not the only ones who found it.” DeepSeek has yet to respond to requests for comment.
The revelation comes at a critical juncture for DeepSeek, which has recently emerged as one of China’s most promising AI startups. Its DeepSeek-R1 reasoning model has been lauded for matching the capabilities of OpenAI’s models at a fraction of the cost. This cost efficiency has fueled speculation about the long-term viability of U.S. AI giants such as Nvidia and Microsoft, whose profit margins are largely dependent on high-end AI hardware and infrastructure.
DeepSeek’s meteoric rise has not gone unnoticed in global markets. By Monday, its AI assistant had overtaken OpenAI’s ChatGPT in downloads from Apple’s App Store, triggering a selloff in U.S. tech shares. The company’s rapid ascent has been a source of both excitement in China and concern in the U.S., where policymakers are closely watching the evolution of Chinese AI capabilities.
However, the security lapse raises questions about whether AI startups—especially those experiencing rapid growth—are adequately safeguarding sensitive user data. Wiz’s findings suggest that DeepSeek’s database was completely open and unauthenticated, allowing for full administrative control and potential privilege escalation within its environment. The exposed information was hosted on DeepSeek’s infrastructure at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, making it accessible to anyone who stumbled upon it.
“This exposure underscores the fact that the immediate security risks for AI applications stem from the infrastructure and tools supporting them,” Wiz stated in its report. “While much of the attention around AI security is focused on futuristic threats, the real dangers often come from basic risks—like accidental external exposure of databases.”
As AI technologies become increasingly integrated into global businesses, the need for robust security frameworks is becoming more urgent. Many AI startups, including DeepSeek, have grown into critical infrastructure providers without the security measures that typically accompany such widespread adoption. The DeepSeek incident serves as a reminder that AI companies must prioritize security on par with public cloud and major infrastructure providers.
“The world has never seen a technology adopted at the pace of AI,” Wiz noted. “Organizations rushing to implement AI services must ensure that security teams work closely with AI engineers to protect sensitive data and prevent future exposures.”
Reuters contributed to this report
