Wiz Research has reported a major security vulnerability in the infrastructure of Chinese AI startup DeepSeek. According to researchers, a ClickHouse database containing chat logs, API keys, backend details, and confidential data was publicly accessible without protection.
Scale of the Data Leak
Wiz Research investigated DeepSeek's infrastructure for potential vulnerabilities and discovered that a ClickHouse database was left exposed with no security measures in place.
Leaked data includes:
- Over 1 million logs detailing DeepSeek’s internal operations.
- API keys and secret tokens used for service functionality.
- User chat history, including messages sent via the platform.
- Backend metadata and infrastructure details.
The database was accessible through oauth2callback.deepseek.com and dev.deepseek.com, with open ports (8123 and 9000) allowing attackers to query and modify data using basic SQL commands.
Wiz Research immediately notified DeepSeek, and the company responded by securing the system.
Potential risks to users:
- User conversations could have been exploited for data analysis or fraud.
- Leaked API keys could have enabled service hijacking and fake token creation.
- Exposed backend access could have led to cyberattacks on DeepSeek’s infrastructure.
Researchers emphasized that attackers could have both accessed and altered system data, posing a threat to DeepSeek and its users.
DeepSeek Under Scrutiny
DeepSeek gained global attention by developing an AI model with a budget of just $10 million, while OpenAI spends over $100 million on computing resources alone. The company's rapid success has triggered concerns among investors, leading to a sharp decline in tech stock prices:
- NVIDIA (-8%).
- Google (-3,2%).
- Amazon & Microsoft (-3,5%).
- Nasdaq 100 futures (-2%).
OpenAI CEO Sam Altman praised DeepSeek’s model as "impressive" but reassured that OpenAI would continue advancing AI capabilities.
Additionally, Microsoft and OpenAI launched an investigation into potential unauthorized use of OpenAI data by DeepSeek. According to Bloomberg, suspicious API data downloads were detected in late 2024, suggesting possible terms of service violations.
Anthropic CEO Dario Amodei believes concerns over DeepSeek challenging U.S. AI dominance are overstated.
“DeepSeek’s resource consumption isn’t significantly different from U.S. AI labs. The company reportedly has 50,000 Hopper-generation chips worth over $1 billion, which is 2-3 times more than many top American AI firms,” he says.
Amid DeepSeek’s rapid rise, Donald Trump announced plans to restrict NVIDIA chip exports to China, likely aiming to secure U.S. leadership in AI development.
Read more:
- Scammers Exploit DeepSeek Hype: Fake Coins Flood the Market
- Trump’s $500B “Stargate”Initiative Announcement Sparks Rise in AI Tokens
- AI Tokens Overtake Meme Coins: Trends, Forecasts, and Risks
This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.