DeepSeek, an open-source AI tool gaining global attention, has been found to contain a serious security vulnerability. Security experts from Wiz have revealed that the software’s source code inadvertently exposed sensitive data, putting users and systems at risk of cyberattacks.
DeepSeek’s source code was discovered to leak sensitive information (Illustrative image: CNBC).
1. Discovery of the Security Vulnerability
According to a report by Wiz, DeepSeek’s open-source code unintentionally exposed over a million critical data records, including system logs, user commands, and API authentication tokens. This data could be accessed easily without any special permissions.
Ami Luttwak, CTO of Wiz, stated: “This is a serious mistake due to very low security levels, allowing high access without any restrictions.” This means DeepSeek was not secure enough for users to entrust with sensitive data.
2. Risks Posed by the Security Flaw
This vulnerability poses significant threats. Malicious actors could exploit the leaked data to infiltrate DeepSeek’s systems, execute malicious code, or manipulate AI-generated responses.
Jeremiah Fowler, an independent security researcher, emphasized: “Building an AI model while leaving the backdoor wide open in terms of security creates substantial risks for both organizations and users.”
It remains unclear whether any bad actors have exploited this flaw for malicious purposes. However, after receiving warnings from Wiz, DeepSeek quickly addressed the issue by blocking access to the leaked data.
3. DeepSeek’s Rise to Prominence
DeepSeek, founded in 2023 by Liang Wenfeng in Hangzhou, China, has rapidly gained attention for its superior performance. The company’s AI tool R1, launched on January 20, has been praised for its fast and accurate responses, even outperforming major competitors like ChatGPT, Gemini, and Llama.
What sets DeepSeek apart is its low development cost—just $5.6 million, compared to hundreds of millions invested by U.S. companies in AI. Additionally, the tool performs effectively on lower-performance AI chips, which is notable given U.S. sanctions limiting China’s access to high-performance chips.
4. Concerns About Development Motives
Despite impressive achievements, DeepSeek has faced skepticism. Some fear the tool could be used to collect user data or provide biased answers aligned with Beijing’s interests.
However, no concrete evidence supports these suspicions. DeepSeek’s swift action to fix the security flaw after being alerted demonstrates its efforts to improve security and credibility.
Conclusion
DeepSeek’s emergence has sparked a fierce AI race between the U.S. and China. However, the recent data leak serves as a reminder that developing advanced technology must go hand-in-hand with strong security commitments. Users should exercise caution when providing sensitive information to AI tools, especially those still in their infancy.
Stay updated with the latest news from DeepSeek to ensure you’re always protected when using this technology.