Wiz, a cloud security firm, discovered a major security flaw in DeepSeek's database, which was publicly accessible without any authentication. This vulnerability allowed unauthorized access to sensitive data, including chat logs, API secrets, and operational details that could have been exploited by attackers. Wiz security researcher Gal Nagli found the ClickHouse database during a reconnaissance operation. Following the disclosure, DeepSeek quickly restricted public access, though they have not commented on the vulnerability's root cause. This incident raises alarms about necessary security protocols within the AI industry.
Wiz uncovered a major security vulnerability in DeepSeek’s database, emphasizing the urgent need for higher security standards in the AI industry.
The exposed ClickHouse database was accessible without authentication, revealing sensitive data and allowing attackers full control over database operations.
Collection
[
|
...
]