Chinese AI startup DeepSeek accidentally exposed sensitive data including software keys and user chat logs to the open internet, according to cybersecurity firm Wiz.
The discovery: Wiz’s infrastructure scans revealed over a million lines of unsecured DeepSeek data accessible on the open internet.
- The exposed information included digital software keys and chat logs containing user prompts to DeepSeek’s free AI assistant
- DeepSeek responded quickly to Wiz’s alert, securing the data within an hour
- Wiz’s CTO Ami Luttwak expressed concern that others may also have discovered the vulnerability, because it was easy to detect
Market impact and competitive position: DeepSeek’s rapid rise has created ripples across the global AI industry and financial markets.
- The company has achieved significant success in China, recently surpassing ChatGPT in Apple App Store downloads
- DeepSeek’s ability to match OpenAI’s capabilities at lower costs has raised questions about U.S. AI companies’ business models
- The news triggered a global selloff in tech shares, highlighting investor sensitivity to AI competition
Security implications: The data exposure raises questions about cybersecurity practices at rapidly growing AI companies.
- The incident highlights the challenges of maintaining robust security measures during periods of rapid growth and scaling
- The exposure of user prompts could reveal sensitive information shared through the AI assistant
- Quick remediation suggests DeepSeek has incident response procedures in place, though the initial security oversight remains concerning
Analyzing the competitive landscape: This security incident occurs against a backdrop of intensifying U.S.-China AI competition, highlighting both the technological advances and potential vulnerabilities of emerging AI companies.
Sensitive DeepSeek data exposed to web, Israeli cyber firm says