Sensitive data from Chinese AI company DeepSeek has been exposed online thanks to a misconfigured database, according to Wiz Research. The US-based cybersecurity firm reported that the publicly accessible database contained user chat histories, API keys, and internal system details, with no authentication measures in place. After being notified, DeepSeek secured the database.
Gal Nagli of Wiz Research wrote in a blog post that an unsecured ClickHouse database linked to DeepSeek allowed full access to stored records without authentication. While assessing DeepSeek’s external infrastructure, Wiz Research discovered the open database at ‘oauth2callback.deepseek.com:9000’ and ‘dev.deepseek.com:9000.’ The exposed system contained more than a million log entries, including chat interactions, authentication credentials, and backend operational data.
The cybersecurity firm reported that the database’s configuration left sensitive records vulnerable to external access. Without authentication controls in place, unauthorised users could have retrieved stored data and executed queries to extract system files or proprietary information. Wiz Research stated that the open database could have allowed attackers to execute queries capable of retrieving plaintext passwords and other confidential files.
Wiz Research found that the database included a table named “log_stream,” which contained timestamps dating back to 6 January 2025, references to internal API endpoints, and plaintext chat logs from user interactions with DeepSeek’s AI assistant. Additional records detailed system metadata, log origins, and backend activity related to chatbot operations. The misconfiguration also raised concerns over potential privilege escalation. Without authentication barriers, unauthorised users not only may have accessed stored records but also modified database operations, increasing the risk of system manipulation.
During its assessment, Wiz Research identified approximately 30 internet-facing subdomains associated with DeepSeek. While most were linked to operational functions such as chatbot interfaces and API documentation, further analysis revealed two open ports, 8123 and 9000, which provided direct access to the unsecured database.
“Many AI companies have rapidly grown into critical infrastructure providers without the security frameworks that typically accompany such widespread adoptions,” wrote Nagli. “As AI becomes deeply integrated into businesses worldwide, the industry must recognise the risks of handling sensitive data and enforce security practices on par with those required for public cloud providers and major infrastructure providers.”
Market reaction and regulatory scrutiny on DeepSeek
Global technology stocks fell for a second straight day this week following the release of DeepSeek’s AI model, which the company claims operates at lower costs and with reduced data requirements compared to US-built systems. The selloff has raised concerns about the valuations of major AI firms as competition increases.
DeepSeek reported that its V3 model, launched on 10 January, was trained using Nvidia’s H800 chips for under $6 million, far less than the costs incurred by Silicon Valley firms. Its open-source R1 model has also gained attention for reportedly outperforming AI systems developed by US firms, including OpenAI.
As DeepSeek gains visibility, it is also facing scrutiny over allegations of unauthorised data access. Microsoft and OpenAI are investigating whether individuals linked to DeepSeek accessed the ChatGPT maker’s systems without authorisation. Bloomberg News, which first reported the probe, cited security concerns after Microsoft detected large-scale data extraction activity linked to OpenAI’s application programming interface (API).
The White House has launched a national security review of DeepSeek’s AI technology, led by the National Security Council. Italy’s data protection authority has also requested details from Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence regarding their data handling practices.
Meanwhile, The Guardian reported that Yoshua Bengio, a pioneer in modern AI, warned that DeepSeek’s advancements could lead to closer competition between the US and China in the field. “It’s going to mean a closer race, which usually is not a good thing from the point of view of AI safety,” he said, cautioning that US firms and competitors might prioritise maintaining their lead over safety measures. OpenAI, which DeepSeek has challenged with its own virtual assistant, announced plans to accelerate product releases in response to competition.
Separately, Howard Lutnick, US President Donald Trump’s nominee for commerce secretary, told senators on Wednesday that DeepSeek developed an advanced AI model at a fraction of the usual cost by leveraging stolen US technology and semiconductors. Lutnick pledged to address the issue as part of the administration’s AI and national security strategy.
Read more: Microsoft and OpenAI probe alleged data extraction by DeepSeek-linked group
