Deep trouble: Infosec firm finds a DeepSeek database 'completely open and unauthenticated' exposing chat history, API keys, and operational details

Image manipulated symbolic alegory pointing into the mystery of being.

(Image credit: Maciej Toporowicz, NYC via Getty Images)

DeepSeek has been the name on everyone's lips this week, as the release of its R1 AI model spooked the tech market and caused significant financial losses for several major players. Concerns have been raised regarding the security of the Chinese AI startup and its models—and if reports regarding an open database are to be believed, those claims may have some merit.

New York-based cloud security provider Wiz has issued an advisory claiming its research wing identified a publicly accessible ClickHouse database, belonging to DeepSeek, left "completely open and unauthenticated" (via The Register).

The database was said to have been discovered within minutes of the Wiz research team's investigation into DeepSeek's cybersecurity resilience and it contained "a significant volume of chat history, backend data, and sensitive information."

Worse still, the database was so completely unprotected that it was possible to gain full database control and privilege escalation from inside the environment, with no authentication or defence mechanism present.

A potential attacker could have easily obtained plaintext passwords, local files, and proprietary data with a simple SQL command. Wiz duly informed DeepSeek of the open database, which it says was promptly secured.

As word of DeepSeek's efforts has spread throughout the tech industry, so have potential data security concerns from multiple sources. Data regulators from the UK, Italy, Ireland and Australia have all begun enquiries into the practices of the company, while OpenAI has complained that DeepSeek has been copying its models.

The US Navy has issued a warning to its members to avoid using DeepSeek "in any capacity", while the US National Security Council says it's looking into the security implications of the DeepSeek app.

AI security provider HiddenLayer claims that DeepSeek-R1 is "vulnerable to jailbreak techniques, prompt injections, glitch tokens, and exploitation of its control tokens, making it less secure than other modern LLMs."

Given the disruptive nature of DeepSeek's entry into the market, it's difficult to ascertain how many of these claims are legitimate, and how many may be reactionary attempts looking to restore some of the AI status quo.

Regardless, leaving a database wide open to be manipulated by any who may come prying is not a great look. It seems like no matter what happens next, DeepSeek will be at the top of everyone's AI concerns for a while to come.

Andy built his first gaming PC at the tender age of 12, when IDE cables were a thing and high resolution wasn't. After spending over 15 years in the production industry overseeing a variety of live and recorded projects, he started writing his own PC hardware blog in the hope that people might send him things. And they did! Now working as a hardware writer for PC Gamer, Andy's been jumping around the world attending product launches and trade shows, all the while reviewing every bit of PC hardware he can get his hands on. You name it, if it's interesting hardware he'll write words about it, with opinions and everything.