DeepSeek data breach: A grim warning for AI security

The Chinese AI startup DeepSeek, known for its DeepSeek R1 model and chatbot, has found itself at the centre of a major data breach controversy. Security researchers found a publicly reachable database in its infrastructure that required no authentication and exposed sensitive user data and operational secrets.

This incident has sparked widespread concerns about the security practices of AI companies, especially as DeepSeek eyes global expansion.

DeepSeek data breach: What exactly happened?

The exposure was discovered by Wiz Research, the research arm of the New York-based cloud security firm Wiz. Within minutes of scanning DeepSeek’s public-facing systems, researchers identified a publicly accessible ClickHouse database (an open-source column-oriented database commonly used for logs and analytics) hosted on the company’s domains.

The database required no authentication at all, so anyone on the internet could query it. This misconfiguration gave unrestricted access to over one million log entries containing sensitive information, including chat histories, API keys, backend operational details and other metadata.
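The log entries were dangerous because secrets such as API keys had been written into them in the first place. The following is an added example (not DeepSeek’s or Wiz’s code) of a redaction filter a log pipeline can run on each line before it reaches a store such as ClickHouse. The token formats in PATTERNS and the lines in SAMPLE_LOGS are constructed for illustration; a real deployment would extend the patterns with the credential formats it actually issues.

```python
"""Redact credential-looking values from log lines before they are stored.

Added example, not DeepSeek's code. The token formats and the sample log
lines are constructed for illustration.
"""
import re
from typing import List, Tuple

# Each entry names the secret class it catches. Group 1 is the secret; the
# surrounding text is kept so the log line stays useful for debugging.
PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    # Provider-style API keys with an "sk-" prefix (assumed format)
    ("api_key", re.compile(r"\b(sk-[A-Za-z0-9_-]{16,})\b")),
    # HTTP bearer tokens copied from request headers into logs
    ("bearer_token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._-]{16,})")),
    # AWS-style access key IDs
    ("aws_access_key", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    # key=value style credentials in query strings or structured fields
    ("kv_secret", re.compile(r"(?i)\b(?:password|passwd|secret|api_key|token)=([^\s&\"']+)")),
]

# Constructed sample lines standing in for an application log stream.
SAMPLE_LOGS = [
    '2025-01-29T10:02:11Z INFO chat request user=u_4412 prompt="how do I bake bread"',
    '2025-01-29T10:02:12Z DEBUG upstream call Authorization: Bearer sk-live-9f8e7d6c5b4a3f2e1d0c9b8a',
    '2025-01-29T10:02:13Z INFO callback GET /oauth?token=eyJhbGciOi.payload.sig&state=abc',
    '2025-01-29T10:02:14Z WARN s3 upload failed key_id=AKIAIOSFODNN7EXAMPLE',
]


def redact_line(line: str) -> Tuple[str, List[str]]:
    """Return (redacted_line, [secret classes found]) for one log line."""
    found: List[str] = []
    for name, pattern in PATTERNS:
        def _sub(match: "re.Match[str]", name: str = name) -> str:
            secret = match.group(1)
            if secret.startswith("[REDACTED"):
                return match.group(0)  # already handled by an earlier pattern
            found.append(name)
            return match.group(0).replace(secret, "[REDACTED:" + name + "]")
        line = pattern.sub(_sub, line)
    return line, found


def redact_stream(lines) -> Tuple[List[str], int]:
    """Redact every line; return (clean_lines, total number of secrets found)."""
    clean: List[str] = []
    total = 0
    for line in lines:
        redacted, found = redact_line(line)
        clean.append(redacted)
        total += len(found)
    return clean, total


if __name__ == "__main__":
    clean_lines, count = redact_stream(SAMPLE_LOGS)
    for entry in clean_lines:
        print(entry)
    print("secrets redacted:", count)
```

Pattern order matters: the prefix-based rules run before the generic key=value rule so a token is attributed to its most specific class and is not counted twice. Redaction is a safety net, not a substitute for never passing raw credentials to the logger.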

What made the situation even more alarming was that the anonymous access carried full control over the database. An attacker could not only read the data but also modify or delete it. Researchers noted that, depending on the server’s configuration, an attacker could use ordinary SQL queries to pull plaintext passwords and local files from the host along with proprietary data.
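The check a defender wants here is whether a ClickHouse HTTP endpoint answers queries with no credentials, and if so, what an anonymous client can see. The block below is an added example, not Wiz Research’s tooling or DeepSeek’s code. It assumes ClickHouse’s HTTP interface on port 8123, the hostname db.example.test, and that a server rejecting the anonymous user answers with ClickHouse exception 516 (“Authentication failed”); the fake_fetch_* functions return constructed responses so it runs offline. Point classify_clickhouse() at a real host only on systems you are authorised to test.

```python
"""Probe a ClickHouse HTTP endpoint for unauthenticated access and, if it is
open, list the non-system tables an anonymous client can read.

Added example, not Wiz Research's tooling or DeepSeek's code. The port,
hostname and canned responses below are assumptions / constructed data.
"""
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, List, Tuple

HTTP_PORT = 8123         # ClickHouse HTTP interface default port (assumed)
AUTH_FAILED = 516        # ClickHouse exception code for "Authentication failed"
PROBE_QUERY = "SELECT 1"
TABLES_QUERY = (
    "SELECT database, name FROM system.tables "
    "WHERE database NOT IN ('system', 'INFORMATION_SCHEMA', 'information_schema') "
    "FORMAT TabSeparated"
)

Fetcher = Callable[[str], Tuple[int, str]]   # url -> (HTTP status, body)


def http_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Live fetcher: GET url and return (status, body), also for 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "clickhouse-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def _query_url(host: str, port: int, sql: str) -> str:
    # ClickHouse accepts the SQL text in the `query` parameter of a GET.
    return f"http://{host}:{port}/?" + urllib.parse.urlencode({"query": sql})


def classify_clickhouse(host: str, port: int = HTTP_PORT, fetch: Fetcher = http_fetch) -> str:
    """'open' if SELECT 1 executes with no credentials, 'auth-required' if the
    server rejects the anonymous default user, otherwise 'not-clickhouse'."""
    status, body = fetch(_query_url(host, port, PROBE_QUERY))
    if status == 200 and body.strip() == "1":
        return "open"
    # 516 is the status ClickHouse uses for its authentication exception; 401
    # and the message text are accepted too in case a proxy rewrites the code.
    if status in (AUTH_FAILED, 401) or "Authentication failed" in body:
        return "auth-required"
    return "not-clickhouse"


def list_tables(host: str, port: int = HTTP_PORT, fetch: Fetcher = http_fetch) -> List[Tuple[str, str]]:
    """(database, table) pairs visible anonymously; empty unless the server is open."""
    if classify_clickhouse(host, port, fetch) != "open":
        return []
    status, body = fetch(_query_url(host, port, TABLES_QUERY))
    if status != 200:
        return []
    rows: List[Tuple[str, str]] = []
    for line in body.splitlines():
        if "\t" in line:
            db, name = line.split("\t", 1)
            rows.append((db, name))
    return rows


# Constructed responses standing in for three kinds of server.
def fake_fetch_open(url: str) -> Tuple[int, str]:
    """A ClickHouse server whose default user has no password."""
    if "SELECT+1" in url:
        return 200, "1\n"
    return 200, "default\tlog_stream\napp\tapi_keys\n"


def fake_fetch_locked(url: str) -> Tuple[int, str]:
    """A ClickHouse server that requires credentials."""
    return AUTH_FAILED, ("Code: 516. DB::Exception: default: Authentication failed: "
                         "password is incorrect, or there is no user with such name.")


def fake_fetch_web(url: str) -> Tuple[int, str]:
    """Something that is not ClickHouse at all."""
    return 200, "<html><body>Welcome</body></html>"


if __name__ == "__main__":
    for label, fetch in [("open", fake_fetch_open), ("locked", fake_fetch_locked), ("web", fake_fetch_web)]:
        verdict = classify_clickhouse("db.example.test", fetch=fetch)
        print(label, verdict, list_tables("db.example.test", fetch=fetch))
```

An 'open' verdict means the anonymous default user executed a statement; whether that user can also write, or read local files, depends on the server’s user profile, which is why the finding should be treated as full exposure until proven otherwise.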

Vulnerabilities in DeepSeek R1

Apart from the data exposure, DeepSeek R1 has been criticised for its susceptibility to jailbreak attacks. Security researchers have demonstrated that the model can be manipulated with prompting techniques such as the “Evil Jailbreak”, which bypasses its safety mechanisms so that it generates harmful content. These weaknesses compound concerns about the company’s ability to safeguard its systems and users.

Immediate actions and industry concerns

Once alerted by Wiz Research, DeepSeek acted swiftly to secure the exposed database. Closing the hole does not undo the exposure, however: any API keys or credentials that sat in those logs have to be treated as compromised and rotated, and the broader implications of such a lapse remain.

Security experts have criticised the company for failing to implement basic controls, such as authentication on its database and encryption of sensitive data. Gal Nagli, a cloud security researcher at Wiz, pointed out that while much of the attention in AI security goes to futuristic threats such as adversarial attacks, basic oversights such as an exposed database pose a far more immediate risk.
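The “basic controls” in question are a handful of settings in the database’s own configuration. As an added example (not ClickHouse’s tooling or DeepSeek’s actual configuration), the block below shows a weak users.xml next to a hardened one and a small audit function that flags the settings that turn a reachable instance into an open database: a user with no password, a network ACL that admits any source address, and account-management rights on such a user. The fragments are constructed; element names follow ClickHouse’s users.xml layout, and the SHA-256 value is the hash of the string “test”, a placeholder only.

```python
"""Audit a ClickHouse users.xml for password-less users, world-open network
ACLs and access_management rights on unauthenticated users.

Added example, not ClickHouse's own tooling or DeepSeek's configuration.
Both fragments are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from typing import List

# The weak form: default user, no password, reachable from any address,
# and allowed to create and alter accounts.
WEAK_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
      <quota>default</quota>
      <access_management>1</access_management>
    </default>
  </users>
</clickhouse>"""

# The hardened form: hashed password, ACL limited to an internal range and
# localhost (assumed addresses), read-only profile, no account management.
HARDENED_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password_sha256_hex>9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08</password_sha256_hex>
      <networks><ip>10.20.0.0/16</ip><ip>::1</ip></networks>
      <profile>readonly</profile>
      <quota>default</quota>
      <access_management>0</access_management>
    </default>
  </users>
</clickhouse>"""

ANY_HOST = {"::/0", "0.0.0.0/0"}
# Credential elements ClickHouse accepts instead of a plaintext <password>.
STRONG_CREDENTIAL_TAGS = ("password_sha256_hex", "password_double_sha1_hex",
                          "ldap", "kerberos", "ssl_certificates")


def _text(elem) -> str:
    return (elem.text or "").strip() if elem is not None else ""


def audit_users_xml(xml_text: str) -> List[str]:
    """Return one human-readable finding per weak setting; [] when clean."""
    findings: List[str] = []
    users = ET.fromstring(xml_text).find("users")
    if users is None:
        return ["no <users> section found"]
    for user in users:
        name = user.tag
        has_strong = any(user.find(tag) is not None for tag in STRONG_CREDENTIAL_TAGS)
        plain = user.find("password")
        no_password = not has_strong and _text(plain) == ""
        if no_password:
            findings.append(f"{name}: no password set; anyone reaching the port is this user")
        elif _text(plain):
            findings.append(f"{name}: plaintext <password>; use password_sha256_hex instead")
        networks = user.find("networks")
        if networks is None:
            findings.append(f"{name}: no <networks> restriction declared; no source-address limit applies")
        else:
            for ip in networks.findall("ip"):
                if _text(ip) in ANY_HOST:
                    findings.append(f"{name}: network ACL {_text(ip)} admits any source address")
        if _text(user.find("access_management")) == "1" and no_password:
            findings.append(f"{name}: access_management enabled on a password-less user")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_USERS_XML), ("hardened", HARDENED_USERS_XML)):
        print(label, audit_users_xml(cfg) or ["no findings"])
```

The network ACL is defence in depth, not the primary fix: the exposure on the page happened because the service was reachable from the internet, so the server’s listen_host in config.xml and the surrounding firewall rules should restrict the listener before any user-level setting is relied on.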

Broader implications for AI startups

DeepSeek’s data breach is not an isolated case but rather a symptom of a larger issue within the rapidly growing AI industry. As companies rush to deploy generative AI models and expand their user base, many overlook essential security protocols. 

This negligence not only jeopardises user trust but also exposes businesses to regulatory scrutiny and potential legal consequences. The breach has also raised questions about DeepSeek’s readiness for global expansion. 

The company recently announced plans to host its services on local servers in India, aligning with the country’s data localisation policies. However, this incident casts doubt on whether DeepSeek can meet India’s stringent data protection standards.

Regulatory scrutiny and user concerns

The breach has attracted attention from regulators worldwide. Authorities in Italy and Ireland have launched investigations into DeepSeek’s data handling practices, while the U.S. Navy has warned personnel against using its services due to security concerns. 

These developments highlight the growing scrutiny faced by Chinese tech companies operating in international markets. On forums like Reddit, users have expressed outrage over DeepSeek’s negligence. Many have compared this incident to hypothetical scenarios involving U.S.-based companies like Google or OpenAI, emphasising that such lapses would provoke even greater backlash if they occurred in Western firms.

Sagar Sharma

A software engineer who happens to love testing computers and sometimes they crash. While reviving his crashed system, you can find him reading literature, manga, or watering plants.