According to cloud security firm, Wiz. DeepSeek has left user data and user chats exposed, as well as API authentication keys, system logs, and other sensitive information. The security researchers said they found the Chinese AI startup’s publicly accessible database in “minutes,” with no authentication required.
Estimated reading time: 4 minutes
Gunter Ollmann, CTO, Cobalt commented on the situation:
“The DeepSeek exposure highlights a critical and recurring issue—organizations, especially those innovating rapidly in AI, often prioritize speed over security. Wiz’s discovery reinforces the importance of proactive security testing, particularly as attack surfaces expand with cloud-based infrastructure and publicly accessible APIs. Given DeepSeek’s recent global recognition and growth in the AI space, the breach could have had a huge impact, significantly affecting businesses and individuals relying on their services, with potential ripple effects across industries.
This case underscores why organizations must continuously evaluate the robustness of their defensive controls —not just to meet compliance, but to protect sensitive data and improve their risk posture. Offensive security, including penetration testing and attack surface monitoring, is essential in identifying these open doors before adversaries do. AI-driven platforms like DeepSeek must integrate security testing into their development lifecycle, ensuring rigorous assessments of infrastructure, access controls, and data handling policies.
AI may be “new” but the basics of security processes and controls still apply.
As AI companies become integral to critical infrastructure, security can’t be an afterthought. The industry needs to adopt a proactive mindset—regular pentesting, red teaming, and continuous attack surface monitoring—to safeguard both intellectual property and customer trust.”
DeepSeek is a new Chinese AI company that is causing some controversy in the AI industry. What do you think of this story? Read more at Hacker News.
In some of our articles and especially in our reviews, you will find Amazon or other affiliate links. As Amazon Associates, we earn from qualifying purchases. Any other purchases you make through these links often result in a small amount being earned for the site and/or our writers. Techaeris often covers brand press releases. Doing this does not constitute an endorsement of any product or service by Techaeris. We provide the press release information for our audience to be informed and make their own decision on a purchase or not. Only our reviews are an endorsement or lack thereof. For more information, you can read our full disclaimer.
