DeepSeek Data Exposed To Web, Cybersecurity Firm Says

Original link: https://www.zerohedge.com/technology/deepseek-data-exposed-web-cybersecurity-firm-says

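Researchers from Wiz discovered a public database linked to the Chinese AI app DeepSeek that exposed sensitive user data, including chat logs and digital software keys. The lack of authentication and defense mechanisms posed a critical risk to DeepSeek and its users. Wiz immediately notified DeepSeek, which secured the exposure. DeepSeek's recent launch of its free AI language learning model has raised national security concerns in Washington. Although DeepSeek reported malicious attacks and temporarily limited user registrations, the White House is evaluating the potential implications. President Trump stressed the need for U.S. tech companies to develop cheaper, faster AI solutions. Amid the rapid adoption of AI, concerns have arisen about the ongoing risks posed by companies that lack robust security frameworks.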


Original text

Authored by Katabella Roberts via The Epoch Times (emphasis ours),

Researchers with cybersecurity company Wiz said on Wednesday that sensitive information from the Chinese artificial intelligence (AI) app DeepSeek was inadvertently exposed to the open internet.

DeepSeek's logo is displayed alongside its AI assistant app, in a file photo taken on Jan. 28, 2025. Florence Lo/Reuters

Hangzhou-based DeepSeek prompted a global selloff in tech shares last week when it launched its free, open-source language learning model DeepSeek-R1.

DeepSeek’s flagship v3 model cost $5.6 million to train, amounting to a fraction of the money spent by America’s leading tech companies to train models including OpenAI’s ChatGPT.

The popular app has also raised national security concerns in Washington.

In a blog post, Wiz said it set out to assess the external safety of the chatbot and identify any potential vulnerabilities after the app saw a surge in registrations and became the most downloaded free app on Apple’s App Store last week.

Within minutes, researchers with the New York-based cybersecurity company found a publicly accessible database linked to the chatbot that was “completely open and unauthenticated” and “exposing sensitive data,” Wiz said.

The database contained more than a million lines of data that were left unsecured, according to Wiz.

This included sensitive information, along with digital software keys, and chat logs that appeared to capture prompts being sent from users to the company’s free AI assistant, according to the cybersecurity company.

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” the blog post stated.

Wiz said the level of access posed a critical risk to DeepSeek’s security as well as to its end-users, including allowing bad actors to retrieve sensitive information and plain-text chat messages.

Additionally, the vulnerabilities could allow bad actors to exfiltrate plaintext passwords, Wiz said.

The Wiz Research team “immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure,” according to the blog post.

Wiz noted that the widespread and fast adoption of AI by companies poses ongoing risks, particularly for those that have “rapidly grown into critical infrastructure providers without the security frameworks that typically accompany such widespread adoptions.”

The Epoch Times contacted a DeepSeek spokesperson for comment but did not receive a response by publication time.

DeepSeek said on Monday it would temporarily limit user registrations following “large-scale malicious attacks” targeting its services.

The company reported a major outage was affecting its application programming interface (API) and user logins but did not provide further details regarding the attacks or when it would lift the pause on registrations.

The White House is evaluating the potential national security implications of DeepSeek, White House press secretary Karoline Leavitt told reporters on Tuesday. She said that President Donald Trump “believes in restoring American AI dominance.”

Leavitt’s remarks echoed those made by Trump during a speech to Republican colleagues in Florida on Monday.

During his appearance, Trump said the release of DeepSeek last week and its subsequent impact on the stock market should serve as a wake-up call for American tech companies.

Trump said he hoped the app would prompt U.S. companies to come up with a cheaper, faster method of AI.

“We always have the ideas. We’re always first. So I would say that’s a positive that could be very much a positive development,” Trump said. “So instead of spending billions and billions, you’ll spend less, and you’ll come up with, hopefully, the same solution.”

Trump on Jan. 21 announced $500 billion in private sector investment to build artificial intelligence (AI) infrastructure in the United States.

OpenAI, Softbank, and Oracle will invest in the infrastructure through their joint venture, Stargate.

Trump described it as the “largest AI infrastructure project by far in history.”

Emel Akan, Reuters, and The Associated Press contributed to this report.
