DeepSeek: Security Concerns Surface Amid AI Model Release
DeepSeek has sparked attention with its R1 AI model release, but concerns have arisen regarding the company's security practices.
Unsecured Database Exposes Sensitive Information
New York-based Wiz discovered a publicly accessible ClickHouse database belonging to DeepSeek. This database contained a substantial amount of chat history, backend data, and sensitive information.
Alarmingly, the database was completely unprotected, allowing potential attackers to gain full database control and privilege escalation without authentication. Password theft, local file access, and proprietary data extraction were all feasible with a simple SQL command.
DeepSeek has since secured the database, but the incident has raised concerns about the company's security measures.
Wide-Ranging Scrutiny
Data regulators worldwide are investigating DeepSeek's practices. The UK, Italy, Ireland, and Australia have launched inquiries. OpenAI has accused DeepSeek of model copying.
The US Navy has advised its members to avoid using DeepSeek, while the National Security Council is reviewing its security implications.
Security Vulnerabilities in DeepSeek-R1
AI security provider HiddenLayer alleges vulnerabilities in DeepSeek-R1, exposing it to "jailbreak techniques, prompt injections, glitch tokens, and control token exploitation."
Industry Concerns and Reactions
DeepSeek's disruptive market entry has triggered both legitimate concerns and potential reactionary attempts to maintain the AI status quo.
Regardless, the unsecured database has cast a shadow on DeepSeek's security. The company faces ongoing scrutiny and will likely remain a focus of AI security discussions for some time.