DeepSeek AI, a fast-growing Chinese AI startup, has found itself at the center of a major security lapse. Security researchers at Wiz discovered that DeepSeek had left a ClickHouse database exposed to the internet, potentially allowing unauthorized access to sensitive operational data. The exposure spanned more than a million log entries containing chat histories, API secrets, and backend operational details.
The database was accessible without authentication and allowed full control over its operations via ClickHouse’s HTTP interface, meaning anyone who found the endpoint could execute arbitrary SQL queries directly from a web browser. The extent of unauthorized access remains unclear, but DeepSeek secured the database after being alerted by Wiz’s researchers.
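To make the mechanics concrete, the sketch below shows how ClickHouse’s HTTP interface (which listens on port 8123 by default) accepts SQL through a simple `query` parameter. The hostname is hypothetical, and the snippet is only an illustration of the general pattern: absent authentication, any client that can reach the port can run a query like this.

```python
# Minimal sketch of querying ClickHouse's HTTP interface over plain HTTP.
# The host below is a placeholder; a properly deployed instance would require
# credentials and would not be reachable from the public internet.
import requests

CLICKHOUSE_URL = "http://example-clickhouse-host:8123/"  # 8123 is ClickHouse's default HTTP port

# ClickHouse accepts SQL via the `query` parameter; GET requests are limited to
# read-only statements, but with no credentials configured, anyone who can reach
# the port gets an answer.
response = requests.get(CLICKHOUSE_URL, params={"query": "SHOW TABLES"})
print(response.text)
```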
The incident underscores the risks of rapidly scaling AI services without robust security measures. “The real dangers often come from basic risks—like the accidental external exposure of databases,” noted Gal Nagli, a researcher at Wiz. While AI security discussions often focus on advanced threats, this breach highlights a more immediate concern: fundamental misconfigurations that leave critical data unprotected.
DeepSeek’s rise has been swift, largely fueled by open-source models positioned as competitors to OpenAI’s. Its reasoning model, R1, has been described as a major step forward, and its chatbot has topped app store rankings. However, this rapid ascent has also brought scrutiny.
Regulatory concerns have emerged as well, particularly in Italy, where DeepSeek’s apps were recently pulled following inquiries from the country’s data protection authority about its data handling and sourcing practices. Meanwhile, OpenAI and Microsoft are reportedly investigating whether DeepSeek improperly used outputs from OpenAI’s API to train its own models, a technique known as distillation.
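Distillation, in broad terms, means training a smaller “student” model to imitate a larger “teacher” model’s outputs rather than learning from labeled data alone. The sketch below is a generic illustration of that idea using soft targets and a KL-divergence loss; the models, sizes, and data are placeholders and say nothing about how DeepSeek or OpenAI actually train their systems.

```python
# Generic knowledge-distillation sketch: a student learns to match a teacher's
# soft output distribution. Everything here is a toy placeholder.
import torch
import torch.nn as nn
import torch.nn.functional as F

teacher = nn.Sequential(nn.Linear(128, 512), nn.ReLU(), nn.Linear(512, 10)).eval()
student = nn.Sequential(nn.Linear(128, 64), nn.ReLU(), nn.Linear(64, 10))
optimizer = torch.optim.Adam(student.parameters(), lr=1e-3)
temperature = 2.0  # softens the teacher's distribution so the student sees more signal

for _ in range(100):  # toy training loop on random inputs
    x = torch.randn(32, 128)
    with torch.no_grad():
        teacher_logits = teacher(x)
    student_logits = student(x)
    # KL divergence between temperature-softened distributions is the classic
    # distillation loss (Hinton et al.); the T^2 factor rescales gradients.
    loss = F.kl_div(
        F.log_softmax(student_logits / temperature, dim=-1),
        F.softmax(teacher_logits / temperature, dim=-1),
        reduction="batchmean",
    ) * temperature ** 2
    optimizer.zero_grad()
    loss.backward()
    optimizer.step()
```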
The breach raises broader questions about the security practices of AI startups racing to deploy large-scale systems. Without rigorous safeguards, such platforms risk exposing sensitive user data and operational secrets, making them vulnerable to exploitation.