Chinese artificial intelligence startup DeepSeek exposed one of its databases on the internet, which allowed unauthorized access to sensitive information. The exposed database gave full control over the operations of the database, including the ability to access internal data.

The exhibit included more than a million lines of records containing chat histories, Secret Keys, infrastructure details and other highly sensitive information, such as API secrets and operational metadata.

After being contacted by the security firm Wiz, DeepSeek fixed the vulnerability. The database allowed unauthenticated access to a wide range of information. Wiz noted that this allowed for complete control of the database and potential privilege escalation within the DeepSeek environment without requiring authentication.

This incident highlights the risks associated with the rapid adoption of AI services without adequate security measures. It's crucial for security teams to work closely with AI engineers to protect data and prevent accidental exposures.

Fountain: The Hacker News


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »