DeepSeek has been the name on everyone's lips this week, as the release of its R1 AI model spooked the tech market and caused significant financial losses for several major players. Concerns have been raised regarding the security of the Chinese AI startup and its models—and if reports regarding an open database are to be believed, those claims may have some merit.
New York-based cloud security provider Wiz has issued an advisory claiming its research wing identified a publicly accessible ClickHouse database, belonging to DeepSeek, left "completely open and unauthenticated" (via The Register).
The database was said to have been discovered within minutes of the Wiz research team's investigation into DeepSeek's cybersecurity resilience and it contained "a significant volume of chat history, backend data, and sensitive information."
Worse still, the database was so completely unprotected that it was possible to gain full database control and privilege escalation from inside the environment, with no authentication or defence mechanism present.
A potential attacker could have easily obtained plaintext passwords, local files, and proprietary data with a simple SQL command. Wiz duly informed DeepSeek of the open database, which it says was promptly secured.
As word of DeepSeek's efforts has spread throughout the tech industry, so have potential data security concerns from multiple sources. Data regulators from the UK, Italy, Ireland and Australia have all begun enquiries into the practices of the company, while OpenAI has complained that DeepSeek has been copying its models.
The US Navy has issued a warning to its members to avoid using DeepSeek "in any capacity", while the US National Security Council says it's looking into the security implications of the DeepSeek app.
AI security provider HiddenLayer claims that DeepSeek-R1 is "vulnerable to jailbreak techniques, prompt injections, glitch tokens, and exploitation of its control tokens, making it less secure than other modern LLMs."
Given the disruptive nature of DeepSeek's entry into the market, it's difficult to ascertain how many of these claims are legitimate, and how many may be reactionary attempts looking to restore some of the AI status quo.
Regardless, leaving a database wide open to be manipulated by any who may come prying is not a great look. It seems like no matter what happens next, DeepSeek will be at the top of everyone's AI concerns for a while to come.
Anthropic has developed an AI 'brain scanner' to understand how LLMs work and it turns out the reason why chatbots are terrible at simple math and hallucinate is weirder than you thought
Studio Ghibli AI image trend floods social media, cheered on by OpenAI and denounced by critics as an insult to Hayao Miyazaki
