New York-based cybersecurity firm Wiz discovered a significant data leak from Chinese AI startup DeepSeek, exposing sensitive information on the open internet. A blog post published by Wiz revealed that over a million lines of data, including software keys and user chat logs with DeepSeek’s free AI assistant, were left unsecured.
Wiz’s scans of DeepSeek’s infrastructure uncovered the vulnerability. The exposed data comprised crucial information such as digital software keys, potentially granting unauthorized access to DeepSeek’s systems. Furthermore, chat logs containing user prompts to the AI assistant were also accessible, raising privacy concerns.
According to Wiz’s Chief Technology Officer, Ami Luttwak, DeepSeek responded swiftly to the alert and secured the data within an hour. However, Luttwak expressed concern that the ease of discovery suggests others may have also accessed the information before it was secured. DeepSeek has not yet issued a public statement regarding the incident.
DeepSeek’s rapid rise to prominence following the launch of its AI assistant has generated considerable interest in China and sparked apprehension in the United States. The company’s apparent ability to rival OpenAI’s capabilities at a significantly lower cost has raised questions about the long-term viability and profitability of leading U.S. AI companies like Nvidia and Microsoft.
DeepSeek’s AI assistant recently surpassed ChatGPT in downloads on Apple’s App Store, contributing to a global decline in tech stocks. This incident underscores the critical importance of robust cybersecurity measures, particularly for companies handling sensitive data in the rapidly evolving field of artificial intelligence. The potential ramifications of this data leak for DeepSeek and the broader AI landscape remain to be seen.
