DeepSeek has generated significant attention this week due to concerns surrounding the security of its recently released AI model, which has had a negative impact on the tech market, resulting in considerable financial losses across various companies.

New York-based cloud security firm Wiz disclosed that its research team identified a ClickHouse database owned by DeepSeek that was left “completely open and unauthenticated” (source).

This unsecured database reportedly contained a wealth of sensitive data, including chat logs and operational specifics, which could have been compromised easily by potential attackers using basic SQL commands. Following this revelation, Wiz notified DeepSeek, which promptly secured the database.

As the news circulated, multiple data regulators from the UK, Italy, Ireland, and Australia initiated inquiries into DeepSeek’s corporate practices. Additionally, OpenAI has expressed concerns regarding potential data infringement, claiming that DeepSeek has been replicating its models.

The US Navy has further warned its personnel to refrain from utilizing DeepSeek, while the National Security Council is examining the app’s implications for national security.

Experts are questioning the robustness of DeepSeek’s R1 AI model, asserting that it may be vulnerable to prompt injections and execution of unauthorized commands, positioning it as a lesser-secured alternative compared to contemporary large language models. Regardless, the exposure of such a significant data breach has positioned DeepSeek at the forefront of cybersecurity discussions.