DeepSeek, the trending Chinese artificial intelligence (AI) startup, recently exposed one of its databases on the internet, potentially allowing unauthorized access to sensitive data. The exposed ClickHouse database provided full control over its operations, according to Wiz security researcher Gal Nagli.
DeepSeek exposes over a million lines
The exposure included over a million lines of log streams featuring chat history, secret keys, backend details, and other critical information, such as API secrets and operational metadata. Following notification attempts from the cloud security firm, DeepSeek has since fixed the security vulnerability.
The database, which was accessible at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, enabled unauthorized users to execute arbitrary SQL queries via the web browser without requiring authentication. It remains unclear if any malicious actors accessed or downloaded the data before the issue was resolved.
Nagli emphasized the risks of rapid AI service adoption without adequate security measures, highlighting that real risks often stem from basic oversights like accidental database exposure. He stated, “Protecting customer data must remain the top priority for security teams, and it is crucial that security teams work closely with AI engineers to safeguard data and prevent exposure.”
DeepSeek has garnered significant attention for its innovative open-source AI models that aim to compete with established systems like OpenAI, positioning its reasoning model R1 as an “AI’s Sputnik moment.” Its AI chatbot rapidly climbed to the top of app store rankings across multiple markets, even as the company faced “large-scale malicious attacks,” which led to a temporary pause in new registrations.
In a January 29, 2025 update, DeepSeek acknowledged the database issue and indicated that it is implementing a fix. Concurrently, the company faces scrutiny regarding its privacy policies, with its Chinese affiliations raising national security concerns in the United States.
In related developments, DeepSeek’s applications became unavailable in Italy after the country’s data protection regulator, the Garante, sought information regarding the startup’s data handling practices and its sources of training data. The withdrawal of apps from the Italian market may or may not have been a direct response to these inquiries, as the Irish Data Protection Commission (DPC) has also made similar information requests.
OpenAI and Microsoft are investigating whether DeepSeek used OpenAI’s application programming interface (API) without authorization to train its models through a process known as distillation. An OpenAI spokesperson stated, “We know that groups in [China] are actively working to use methods, including what’s known as distillation, to try to replicate advanced US AI models.”
