Open-source AI company DeepSeek has been criticized for a major security flaw that allowed researchers at Wiz to easily access unencrypted user data. The vulnerability exposed details about the company's model infrastructure and raised concerns about the security of sensitive information.
DeepSeek, an AI company that recently unveiled a powerful and affordable open-source model, has been accused of exposing a vast trove of unencrypted user data due to a critical security vulnerability . Researchers at Wiz, a cloud security firm, discovered the flaw in DeepSeek's systems within minutes of investigating. They found that a wide-open back door allowed them to access sensitive internal data without any authentication or defense mechanisms.
DeepSeek immediately took steps to secure its databases after being alerted by Wiz, but the researchers noted the difficulty in contacting anyone at the company, relying on LinkedIn messages and emails to reach them. The vulnerability exposed details about DeepSeek's model infrastructure, revealing that it closely mirrors OpenAI's setup. While this information is relatively harmless in the hands of white-hat hackers like Wiz, the researchers emphasized the potential for malicious actors to exploit the same weakness and steal vast amounts of internal data. 'The fact that mistakes happen is correct, but this is a dramatic mistake, because the effort level is very low and the access level that we got is very high,' said Ami Luttwak, Wiz's chief technology officer. 'I would say that it means that the service is not mature to be used with any sensitive data at all.' This incident highlights the significant security risks associated with open-source AI development, particularly when handling user data.
AI Deepseek Security Vulnerability Data Breach Open Source AI
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
US User Data Stored in China by Popular AI Chatbot DeepSeekDeepSeek, a Chinese-developed AI chatbot, has amassed over 2 million downloads and is raising concerns due to its data storage practices. The app collects vast amounts of user data, including IP addresses, keystroke patterns, and device information, and stores it on servers in China, raising national security risks. Experts warn that this data could be subject to Chinese government access under cybersecurity laws, mirroring the concerns that led to the TikTok ban.
Read more »
Leaked Data Exposes Thousands of Apps Sharing User Location DataA massive data breach involving location data company Gravy Analytics reveals that thousands of popular apps, including games, dating apps, and health trackers, are potentially sharing user location data without their knowledge. The leaked files suggest that much of this data collection is occurring through the online advertising ecosystem, raising serious privacy concerns.
Read more »
DeepSeek vs. ChatGPT: Hands On With DeepSeek’s R1 ChatbotDeekSeek’s chatbot with the R1 model is a stunning release from the Chinese startup. While it’s an innovation in training efficiency, hallucinations still run rampant.
Read more »
China: AI’s Sputnik moment? A short Q and A on DeepSeekOn 20 January the Chinese start-up DeepSeek released its AI model DeepSeek-R1.
Read more »
Italian Data Protection Authority Investigates Chinese AI Chatbot DeepSeek Over Data ConcernsThe Italian Data Protection Authority (Garante) is investigating DeepSeek, a Chinese AI chatbot, over concerns about its data practices and potential risks to the personal information of millions of Italians. Garante is seeking information about the types of personal data collected, the purposes of data collection, and data storage locations.
Read more »
Chinese AI Company DeepSeek Releases Image GeneratorOpenAI accuses Chinese AI startup DeepSeek of improperly using its models to train its own image generator, DeepSeek. OpenAI claims to have 'some evidence' that DeepSeek engaged in 'distillation,' a method of replicating AI models by using their output for training. Microsoft, which holds a 49% stake in OpenAI, discovered last fall that individuals linked to DeepSeek had extracted a significant amount of data via OpenAI's API. This news has sparked controversy, with some pointing out the irony of OpenAI accusing DeepSeek of practices similar to those OpenAI itself has been accused of.
Read more »