An unprotected database belonging to Chinese artificial intelligence company DeepSeek exposed highly sensitive information, according to cloud security firm Wiz.
DeepSeek has made many headlines in recent days following the release of its open source AI model, named R1, which the company claims is on par with chatbots such as OpenAI’s ChatGPT and Google’s Gemini in terms of performance, while requiring far less computation power.
DeepSeek’s growing popularity has also attracted the attention of the cybersecurity industry, which has started analyzing the model itself and the Chinese company’s infrastructure.
Researchers at Wiz looked at the company’s external security posture, starting with publicly accessible domains and open ports. A search led to the discovery of several unusual hosts, including one associated with an unprotected ClickHouse database.
An analysis showed that arbitrary SQL queries could be executed against the database, which revealed tables storing roughly one million log lines that included highly sensitive data.
The exposed data included chat history, API keys, backend details, operational metadata, and other types of information that could be useful to a threat actor.
[ Read: Cyber Insights 2025: Artificial Intelligence ]
“This level of access posed a critical risk to DeepSeek’s own security and for its end-users,” Wiz noted in a blog post. “Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server […].”
According to Wiz, an unauthenticated attacker could have taken full control of the database and may have been able to escalate privileges within the DeepSeek environment.
DeepSeek quickly patched the exposure after being alerted by Wiz.
The news comes just days after threat intelligence company Kela showed that DeepSeek’s R1 model is vulnerable to jailbreak methods that have long been patched in other popular chatbots.
There has also been some discussion on the privacy and data protection risks associated with the use of the Chinese service, which has been found to send the data of US users to China.
European countries have also started to take notice. In Italy, users have been unable to access the DeepSeek application on the Google and Apple app stores after the country’s data protection authority requested information on its use of personal data. A similar request was also made by authorities in Ireland.
DeepSeek reported earlier this week that it was forced to limit new registrations due to a large-scale cyberattack.
Related: Cisco Unveils New AI Application Security Solution
Related: How to Eliminate “Shadow AI” in Software Development
