- An investigation has found DeepSeek to be woefully insecure.
- Within minutes, researchers were able to find a publicly accessible database linked to the company that was open and unauthenticated.
- The lack of security not only left sensitive data exposed, but also made it possible for outsiders to take full control of the database and escalate privileges within DeepSeek’s environment.
Chinese startup DeepSeek caught a lot of people off guard with the sudden emergence of its R1 AI model. Capable of going toe-to-toe with rivals like OpenAI’s ChatGPT and Meta’s Llama, yet trained at a fraction of the cost, it became the talk of the town and quickly jumped to number one in the top free apps in the Apple App Store in the US (#10 in the Play Store). Shortly after its meteoric rise in popularity, it was hit by a large-scale cyberattack. After an investigation into the company’s cybersecurity, it’s kind of surprising a cyberattack didn’t happen sooner.
Wiz, a cloud security software company, has published a new report about what its research team found while investigating DeepSeek’s external security posture. According to the report, it appears DeepSeek is not nearly as secure as it should be.