In January 2025, the cybersecurity community was alerted to a significant data exposure involving DeepSeek, a prominent Chinese artificial intelligence (AI) startup. Researchers from Wiz, a cloud security firm, discovered that DeepSeek had inadvertently left a critical database accessible on the internet without any authentication measures. This lapse exposed over a million records, including system logs, user prompts, API tokens, and other sensitive information.
Discovery of the Exposure
Wiz’s research team identified the unsecured database within minutes of initiating their assessment of DeepSeek’s external security posture. The database, hosted on subdomains such as oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, was a ClickHouse database—a columnar database management system designed for handling large volumes of data. The absence of authentication controls meant that anyone who stumbled upon these endpoints could execute arbitrary SQL queries and gain unrestricted access to the stored data.
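As an added illustration (not code from the article, from Wiz or from DeepSeek), the Python script below audits a ClickHouse `users.xml` for the two settings that produce exactly the condition described above: an account with no password, and a network allow-list that admits every source address. The two configurations it checks are constructed samples; the element names (`<users>`, `<password>`, `<password_sha256_hex>`, `<networks>`, `<ip>`) are ClickHouse's own `users.xml` schema, and treating a missing `<networks>` section as unrestricted is an assumption made so the audit errs on the side of reporting.

```python
"""Audit a ClickHouse users.xml for settings that leave the server open.

Added example, not part of the original article. The two XML documents are
constructed samples: the first mirrors an out-of-the-box users.xml (empty
password, ::/0 allow-list), the second shows the same account hardened.
"""
import xml.etree.ElementTree as ET

# Constructed sample: default account with no password, reachable from anywhere.
WEAK_USERS_XML = """
<clickhouse>
  <users>
    <default>
      <password></password>
      <networks>
        <ip>::/0</ip>
      </networks>
      <profile>default</profile>
      <quota>default</quota>
    </default>
  </users>
</clickhouse>
"""

# Constructed sample: hashed password and an allow-list limited to loopback and
# one internal range. The hash value is a placeholder, not a real credential.
HARDENED_USERS_XML = """
<clickhouse>
  <users>
    <default>
      <password_sha256_hex>0000000000000000000000000000000000000000000000000000000000000000</password_sha256_hex>
      <networks>
        <ip>127.0.0.1</ip>
        <ip>10.0.0.0/8</ip>
      </networks>
      <profile>default</profile>
      <quota>default</quota>
    </default>
  </users>
</clickhouse>
"""

# CIDR values that admit every IPv6 / IPv4 source address.
ANY_NETWORK = {"::/0", "0.0.0.0/0"}
# Tags that each constitute a credential on a ClickHouse user account.
AUTH_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")


def audit_users_xml(xml_text: str) -> list[str]:
    """Return one finding per weak setting in a users.xml; [] means clean."""
    root = ET.fromstring(xml_text)
    findings: list[str] = []
    users = root.find("users")
    if users is None:
        return ["no <users> section found; nothing to audit"]
    for user in users:
        name = user.tag
        # 1. Authentication: an empty <password> (as shipped) or no credential
        #    tag at all means any client that reaches the port gets a session.
        creds = [c for c in (user.find(t) for t in AUTH_TAGS) if c is not None]
        if not creds or all((c.text or "").strip() == "" for c in creds):
            findings.append(f"user '{name}': no password set (unauthenticated access)")
        elif user.find("password") is not None:
            findings.append(f"user '{name}': plaintext <password>; prefer password_sha256_hex")
        # 2. Network allow-list: ::/0 or 0.0.0.0/0 admits every source address.
        networks = user.find("networks")
        if networks is None:
            # Assumption for a conservative audit: an absent allow-list is
            # reported as unrestricted rather than silently accepted.
            findings.append(f"user '{name}': no <networks> allow-list declared")
        else:
            for ip in networks.findall("ip"):
                value = (ip.text or "").strip()
                if value in ANY_NETWORK:
                    findings.append(f"user '{name}': reachable from any network ({value})")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_USERS_XML), ("hardened", HARDENED_USERS_XML)):
        print(f"[{label}]")
        for finding in audit_users_xml(doc) or ["no findings"]:
            print("  -", finding)
```

Run it against a real `users.xml` by passing the file contents to `audit_users_xml`. The account-level allow-list is only one layer: whether the native port 9000 and HTTP port 8123 are reachable from the internet at all is decided by `<listen_host>` in `config.xml` and by the host's firewall, so a clean audit here still does not excuse binding the service to a public interface.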
Contents of the Exposed Database
The exposed database contained a wealth of sensitive information:
- Chat Histories: Plaintext logs of user interactions with DeepSeek’s AI assistant, revealing the nature of user queries and the AI’s responses.
- API Keys: Confidential keys used for authenticating and authorising API requests, which could be exploited to gain unauthorised access to DeepSeek’s services.
- Backend Details: Information pertaining to DeepSeek’s internal infrastructure, including directory structures and operational metadata.
The presence of such data in an unsecured state posed significant risks, not only to DeepSeek’s operational integrity but also to the privacy and security of its users.
Immediate Response and Remediation
Upon discovering the vulnerability, Wiz promptly notified DeepSeek through multiple communication channels. DeepSeek responded swiftly, securing the exposed database within approximately half an hour of being alerted. However, it remains unclear whether any malicious actors accessed the data during the period it was exposed.
Industry Reactions and Implications
The incident has raised broader concerns within the AI and cybersecurity communities. DeepSeek’s rapid ascent in the AI sector, marked by the release of its efficient open-weight model, had already attracted significant attention. The data exposure incident has amplified scrutiny over the company’s security practices and the potential risks associated with rapid AI development.
Furthermore, the breach has prompted discussions about the security maturity of emerging AI companies. Ami Luttwak, Wiz’s Chief Technology Officer, remarked, “The fact that mistakes happen is correct, but this is a dramatic mistake, because the effort level is very low and the access level that we got is very high. I would say that it means that the service is not mature to be used with any sensitive data at all.”
Regulatory and Security Concerns
In the wake of the exposure, regulatory bodies have taken note. Italy’s data protection regulator initiated inquiries into DeepSeek’s data handling practices, seeking clarity on where it obtained its training data and the legal grounds for using personal information. Additionally, the U.S. Navy issued an alert advising personnel against using DeepSeek’s services, citing potential security and ethical concerns.
Broader Implications for the AI Industry
This incident underscores the critical importance of robust security measures in the development and deployment of AI technologies. As AI systems become increasingly integrated into various sectors, ensuring the security and privacy of user data is paramount. The DeepSeek data exposure serves as a cautionary tale, highlighting the potential risks of rapid innovation without commensurate investment in security infrastructure.
The DeepSeek data exposure highlights a pressing concern in today’s AI-driven world: the need for rigorous AI security assessments. As artificial intelligence systems become deeply integrated into business operations, from customer interactions to decision-making processes, they present new security challenges. A single vulnerability—such as an unsecured database—can expose sensitive information, enabling cybercriminals to exploit AI models, manipulate outputs, or gain access to critical infrastructure. Conducting a regular AI penetration test ensures that organisations can identify and mitigate risks before they escalate into costly breaches. These evaluations should scrutinise everything from API security and access controls to model integrity and data protection protocols.
Beyond direct security implications, supply chain risk assessments that encompass AI usage are equally crucial. Many organisations rely on third-party AI providers or integrate AI-driven analytics into their supply chains. This interconnected ecosystem introduces additional risks, as security weaknesses in one vendor’s AI system can have cascading effects throughout the supply chain. The DeepSeek incident underscores how an AI service provider’s oversight can expose data and compromise trust, demonstrating the urgent need for due diligence in AI procurement. Organisations must assess the security posture of AI suppliers, enforce stringent contractual security requirements, and ensure ongoing monitoring of AI-related risks. By embedding AI risk management into broader supply chain security frameworks, businesses can safeguard sensitive information, maintain regulatory compliance, and build resilience against emerging threats in the AI landscape.
“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”
Aim Ltd Chief Technology Officer (CTO)