A cloud security company found a publicly accessible and totally controllable database that belongs to Deepseek, the Chinese firm that recently shook the world of AI, “in a matter of minutes” of examining Depseek’s security, According to a Wiz blog post.
A clickhouse analytical database linked to Depseek, “completely open and not authenticated”, contained more than 1 million instances of “chat history, backend data and confidential information, including transmission of records, API secrets and operational details “, according to Wiz. An open web interface also allowed complete control of the database and the privilege escalation, with final points and key of internal APIs available through the interface and the parameters of common URLs.
“While much of the AI security is focused on futuristic threats, real dangers often come from basic risks, such as the accidental external exposure of the databases,” writes Gal Nagli in the blog of the blog Wiz. “As organizations rush to adopt tools and services from an increasing number of startups and suppliers, it is essential to remember that in doing so, we trust these companies confidential data. The rapid adoption rhythm often leads to overlook Security, but protecting customer data must continue to be the main priority. “
Ars has contacted Depseek to comment and will update this publication with any response. Wiz said he did not receive a Deepseek response regarding his findings, but after contacting each email from Depseek and LinkedIn Wiz Profile could find on Wednesday, the company protected the databases that Wiz had previously accessed within half an hour .