Thu | Jan 30, 2025 | 9:21 AM PST

The cybersecurity world has been rocked by yet another example of how poor security practices can put sensitive data at risk—this time involving DeepSeek, a Chinese AI startup making waves with its advanced reasoning model.

Researchers at Wiz recently uncovered an unprotected ClickHouse database belonging to DeepSeek that exposed over a million log entries, including chat histories, API authentication keys, and backend operational data. This breach underscores a pressing issue: As AI companies race to deploy innovative solutions, security is often left behind.

What happened?

Wiz Research, in a routine assessment of DeepSeek's external security posture, discovered an open and unauthenticated ClickHouse database. This database, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, allowed unrestricted access to internal logs, API secrets, and operational metadata. The most alarming aspect? It permitted full control over database operations, meaning that an attacker could have potentially escalated privileges, accessed proprietary AI models, or even manipulated system configurations.

The exposure contained log data from early January 2025, including:

  • Plaintext chat histories between users and DeepSeek's AI models

  • API keys and other authentication credentials

  • References to internal DeepSeek services and endpoints

  • Metadata revealing backend structures and chatbot interactions

Upon notification from Wiz, DeepSeek acted swiftly to secure the database—closing the vulnerability within 30 minutes. However, given the scale of exposure and the unknown window of accessibility, the question remains: Did any malicious actors access the data before it was secured?

Gal Nagli, a security researcher at Wiz, commented on the exposure: "This level of access posed a critical risk to DeepSeek's own security and for its end-users. Not only could an attacker retrieve sensitive logs and plaintext chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information."

The bigger picture: AI security gaps

This incident highlights a growing concern in the AI sector: companies rapidly scaling their platforms without robust security in place. The industry often focuses on sophisticated threats like adversarial machine learning and model poisoning, but as DeepSeek's case demonstrates, foundational cybersecurity risks remain a more immediate threat.

AI platforms rely on vast amounts of user data, and any security misstep can lead to:

  • Exposure of sensitive user interactions

  • Unauthorized access to proprietary AI models

  • Compromised trust in AI-driven services

Moreover, this isn't the first time DeepSeek has come under scrutiny. The company is currently facing regulatory investigations in Italy over data protection issues and has been flagged by the U.S. Navy for potential national security concerns.

Lessons for security teams

Security professionals must recognize that AI security isn't just about the integrity of models; it's about securing the infrastructure that powers them. Here are key takeaways from this incident:

  1. Basic security hygiene is critical – This breach could have been avoided with simple authentication measures on exposed databases.

  2. Visibility into AI vendors is a must – Organizations integrating AI solutions should vet providers for strong cybersecurity practices, not just AI capabilities.

  3. Collaboration between AI and security teams is essential – AI engineers must work alongside security experts to prevent misconfigurations and unauthorized exposures.

  4. Cloud-based AI solutions need rigorous security controls – The rapid adoption of AI services means more sensitive data is stored in cloud environments. Security teams should implement continuous monitoring and access controls to mitigate risks.
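
To make takeaways 1 and 4 concrete, here is an added example (not from Wiz, DeepSeek, or the original article) of a pre-deployment check that parses a ClickHouse `users.xml` and flags accounts with no credential check or with a network allow-list open to any address. The sample configuration, user names, and the `audit_users` and `open_to_any` helpers are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample users.xml; hash values are placeholders, not real data.
SAMPLE_USERS_XML = """
<clickhouse><users>
  <default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default>
  <ingest>
    <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks>
  </ingest>
  <reporting>
    <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
    <networks><ip>0.0.0.0/0</ip></networks>
  </reporting>
</users></clickhouse>
"""
# Settings that make the server verify a credential for the user.
AUTH_ELEMENTS = ("password_sha256_hex", "password_double_sha1_hex",
                 "ldap", "kerberos", "ssl_certificates")

def open_to_any(user):
    """True if an <ip> entry is a /0 range or no restriction is declared."""
    ips = [e.text.strip() for e in user.findall("networks/ip") if e.text]
    named = user.findall("networks/host") + user.findall("networks/host_regexp")
    if not ips and not named:
        return True  # assumption: a missing restriction is reported as open
    return any(ipaddress.ip_network(ip, strict=False).prefixlen == 0 for ip in ips)

def audit_users(xml_text):
    """Return {user_name: [findings]} for a ClickHouse users.xml document."""
    findings = {}
    for user in ET.fromstring(xml_text).findall("users/*"):
        issues = []
        password = user.find("password")
        if password is not None and (password.text or "").strip():
            issues.append("plaintext password stored in config")
        elif not any(user.find(tag) is not None for tag in AUTH_ELEMENTS):
            issues.append("no authentication (empty or missing password)")
        if open_to_any(user):
            issues.append("reachable from any address")
        if issues:
            findings[user.tag] = issues
    return findings
if __name__ == "__main__":
    for name, issues in audit_users(SAMPLE_USERS_XML).items():
        print(f"{name}: {'; '.join(issues)}")
```

Running a check like this in CI against the configuration that ships to production catches the empty-password default account before the listener is ever exposed.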

The rapid growth of AI should not outpace its security, because in cybersecurity, as in AI, a single misstep can have consequences far beyond what we can predict.
