Chinese AI giant DeepSeek left a critical database open, leaking user chats, API keys & internal data. Experts warn of national security risks & reckless AI security.
In a startling security lapse, DeepSeek - China’s rapidly growing artificial intelligence startup left a critical database exposed to the open internet, potentially compromising sensitive user data, chat logs, and secret authentication keys. The security flaw, uncovered by New York-based cybersecurity firm Wiz, could have allowed malicious hackers full control over DeepSeek’s internal systems without authentication.
How Security Researchers Discovered DeepSeek’s Critical Data Leak
Wiz Research identified the vulnerability during a routine scan of DeepSeek’s external security posture. Within minutes, the researchers found an unprotected ClickHouse database, accessible without a password, exposing over a million lines of log data. The database was hosted on multiple open ports at:
- oauth2callback.deepseek.com:8123
- dev.deepseek.com:8123
- oauth2callback.deepseek.com:9000
- dev.deepseek.com:9000
By leveraging ClickHouse’s HTTP interface, the researchers could execute arbitrary SQL queries via a web browser, retrieving tables that contained chat history, API keys, backend metadata, and even operational secrets.
"The rapid adoption of AI services without corresponding security is inherently risky," Nagli wrote. He added, "While much of the attention around AI security is focused on futuristic threats, the real dangers often come from basic risks—like the accidental external exposure of databases."
What Data Was Exposed? A Breakdown of the DeepSeek Breach
The breach exposed a variety of sensitive information, including:
- User Chat Logs: Messages sent to DeepSeek’s AI assistant were stored in plaintext.
- API Secrets & Keys: Authentication credentials that could allow unauthorized access to DeepSeek’s internal systems.
- Backend Metadata: System logs and operational details, which could reveal proprietary AI model structures.
- Potential Privilege Escalation Paths: The database’s open access could have allowed hackers to gain control over other parts of DeepSeek’s infrastructure.
While Wiz researchers exercised ethical restraint by not executing intrusive queries, security experts warn that less scrupulous hackers may have accessed or exfiltrated this data before the vulnerability was patched.
Image Source: Wiz Research
DeepSeek’s Response and the Industry’s Growing Concerns
Once Wiz Research notified DeepSeek, the company quickly secured the database—within an hour, according to Wiz’s CTO Ami Luttwak. However, the incident has raised serious concerns about the security protocols of emerging AI startups.
Jeremiah Fowler, an independent security researcher, called the breach “a wake-up call for AI companies.” He added, “Leaving an entire database open like this is cybersecurity negligence at its worst. It’s like building a bank and forgetting to install locks on the vault.”
AI’s Rapid Growth Outpaces Security: The Risks Behind the DeepSeek Leak
The breach highlights a growing problem in the AI industry: the rush to deploy powerful models without proper security measures. While much of the AI security discussion revolves around advanced threats like model poisoning and prompt injection attacks, experts argue that basic operational security failures - like exposed databases - pose a greater immediate risk.
This wasn’t some sophisticated hack—it was as simple as opening an unlocked door. AI companies need to realize that security is not optional. The next time, it might not be ethical researchers who find the vulnerability.
- Cybersecurity expert Nir Ohfeld of Wiz Research
What This Means for AI Security and Why It’s a Wake-Up Call
DeepSeek’s data breach is a stark reminder that security cannot be an afterthought in the race to dominate the AI landscape. With the company’s global influence expanding and national security concerns mounting, industry leaders and regulators must demand stricter oversight of AI data protection.
