DeepSeek AI Assistant Exposes Critical Database, Raises Concerns Over Security
The generative AI platform DeepSeek has been making waves in the tech world, but with great popularity comes increased scrutiny. Analysts with Wiz Research have found a critical security vulnerability in the platform: a publicly accessible database containing sensitive information.
Database Leak Exposed
The research shows that DeepSeek left one of its critical databases exposed, allowing anyone who came across it to access more than one million records, including user data, system logs, API keys, and even prompt submissions. The researchers were able to find the database almost immediately, without too much scanning or probing.
Breaking News: DeepSeek Database Publicly Exposed
Wiz Research has discovered "DeepLeak" – a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs. This was revealed by Wiz (@wiz_io) on January 29, 2025.
Security Concerns and Response
Nir Ohfeld, the head of vulnerability research at Wiz, stated that "usually when we find this kind of exposure, it’s in some neglected service that takes us hours to find—hours of scanning." However, this time, he said, "here it was at the front door." Wiz Research says it’s possible that a nefarious actor could have used this security hole to access other DeepSeek systems, but the company admits it only performed the bare minimum assessment needed to confirm its findings without further compromising user privacy.
Disclosure and Lockdown
Wiz staffers didn’t exactly know how to disclose their findings, given that DeepSeek is both a new entity and based in China. Researchers eventually sent their findings to every email address and LinkedIn profile they could find. The database was locked down within 30 minutes of the mass email.
AI Security Concerns
DeepSeek isn’t the only AI company that has experienced a serious security breach (or two). A hacker was able to access OpenAI’s internal messaging logs back in 2023, and a Redis bug was later exposed, revealing personal information.
The New Frontier in Cybersecurity
"AI is the new frontier in everything related to technology and cybersecurity," Ohfeld said. "Still we see the same old vulnerabilities like databases left open on the internet."
Background on DeepSeek
DeepSeek took the world by storm in the past week or so, allegedly created for just several million dollars. By comparison, OpenAI runs through billions of dollars each year, a contrast that has sent the stock market into a tailspin, with many AI-adjacent stocks taking a plunge.