On January 29, Wiz Research disclosed a previously open DeepSeek database, revealing sensitive information such as chat logs and API secrets. The discovery occurred quickly as Wiz assessed potential vulnerabilities in DeepSeek's systems. The database, which contains operational details and could potentially facilitate privilege escalation attacks, was found through unusual open ports leading to a ClickHouse database. After alerting DeepSeek, the company secured the database to protect its AI products from potential risks stemming from the disclosed information, emphasizing the security challenges faced in generative AI environments.
"We were shocked, and also felt a great sense of urgency to act fast, given the magnitude of the discovery."
"Wiz Research informed DeepSeek of the breach and the AI company locked down the database; therefore, DeepSeek AI products should not be affected."
Collection
[
|
...
]