A China-based AI company, DeepSeek, has faced criticism for its inadequate cybersecurity practices. Despite developing potentially competitive generative AI models, Wiz, a cybersecurity firm, discovered that DeepSeek exposed sensitive user data and its internal systems to the public internet due to unsecured databases.
A China-based artificial intelligence (AI) company, DeepSeek, has come under fire for its concerning cybersecurity practices. While DeepSeek has gained recognition for developing potentially competitive and cost-effective generative AI models, a recent investigation by cybersecurity firm Wiz revealed significant vulnerabilities in its security posture.
Wiz discovered that DeepSeek, which not only trains openly available AI models but also provides online access to these neural networks through cloud services, failed to adequately secure the database infrastructure underpinning these services. This oversight meant that conversations with DeepSeek's online chatbot, along with a substantial amount of other data, were readily accessible from the public internet without any password requirement. Wiz identified a ClickHouse database, allegedly containing a considerable volume of chat history, backend data, and sensitive information, including log streams, API Secrets, and operational details, as being particularly exposed. The researchers emphasized that the vulnerability allowed for full control of the database and potential privilege escalation within DeepSeek's environment, lacking any authentication or barrier to external access. DeepSeek's ClickHouse database, containing over a million log entries, reportedly held a trove of sensitive data. This included timestamps, references to API endpoints, users' plaintext chat history, API keys, backend details, and operational metadata, among other items.Wiz speculates that, depending on DeepSeek's ClickHouse configuration, an attacker could have potentially retrieved plaintext passwords, local files, and proprietary data using appropriately crafted SQL commands, although they did not attempt such actions. Gal Nagli, a cloud security researcher at Wiz, commented on the incident, stating, 'The rapid adoption of AI services without corresponding security is inherently risky. While much of the attention around AI security is focused on futuristic threats, the real dangers often come from basic risks - like the accidental external exposure of databases. Protecting customer data must remain the top priority for security teams, and it is crucial that security teams work closely with AI engineers to safeguard data and prevent exposure.' DeepSeek, which offers free web and app access, along with paid API access to its CCP-censored AI models, has not yet responded to a request for comment. Its privacy policy for its online services clearly states that it logs and stores full usage information on its servers in China. The Android and iOS app is currently unavailable in Italy after the country's data-protection watchdog raised concerns about the use of personal data. Ireland is also reportedly investigating the company's practices. DeepSeek has also reportedly incurred the displeasure of OpenAI, the US lab renowned for scraping the internet for training data, on the grounds that DeepSeek utilized OpenAI's GPT models to generate material for training DeepSeek's own neural networks
AI Security Deepseek Cybersecurity Vulnerabilities Data Exposure Generative AI
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
DeepSeek Chatbot Overwhelmed by User Demand, Sparks AI TurmoilDeepSeek, a free chatbot similar to ChatGPT, has experienced server overload due to a surge in users, leading to widespread complaints. The sudden popularity, attributed to media coverage following Nvidia's AI chip crash, has raised concerns about DeepSeek's potential reliance on OpenAI's models. The situation has triggered tech turmoil, with US officials investigating claims of knowledge distillation by DeepSeek. DeepSeek's responses regarding sensitive topics like human rights in Xinjiang have also sparked debate.
Read more »
DeepSeek's Open-Source AI Model Sparks US Stock Market Sell-OffA Chinese company's open-source AI model, developed at a fraction of the cost of American counterparts, has triggered a major sell-off in the US stock market, raising concerns about China's growing dominance in artificial intelligence.
Read more »
Chinese AI Chatbot DeepSeek Shakes Up the Tech World, Sparking Concerns About US DominanceDeepSeek, a Chinese AI chatbot, has caused a stir in the technology market by offering a free, cost-effective alternative to leading US players. The emergence of this affordable chatbot raises questions about the future of AI development and the financial resources required for innovation.
Read more »
DeepSeek suspends new registrations amid cyberattackChinese AI startup grapples with consequences of sudden popularity
Read more »
DeepSeek’s rise raises concerns over Chinese AI dominance in the WestIt has rocketed up Apple's app store charts and eclipsed ChatGPT – but what is DeepSeek, and should its Chinese origin concern us?
Read more »
Chinese AI Lab DeepSeek Defies US and Triggers Silicon Valley DebateDeepSeek, a Chinese AI lab, has released the technical details of its advanced language model, R1, challenging the US dominance in AI and sparking debate in Silicon Valley.
Read more »