Security researchers at Wiz Research have disclosed a critical vulnerability in DeepSeek R1, the Chinese AI model that briefly became the most downloaded app in the world, that allowed unauthorized access to user conversation histories, internal system prompts, and API keys. The vulnerability, which existed in DeepSeek's publicly accessible database infrastructure, was discovered during a routine security assessment and reported to DeepSeek before public disclosure. The company patched the vulnerability within 24 hours of notification, but the incident has raised serious questions about the security practices of rapidly growing AI companies.
The Nature of the Vulnerability
The vulnerability was a misconfigured ClickHouse database that was publicly accessible without authentication. The database contained over one million rows of log data, including chat histories, API keys, backend infrastructure details, and operational metadata. Researchers were able to execute arbitrary SQL queries against the database, potentially allowing an attacker to extract the complete conversation history of any DeepSeek user, access API keys that could be used to impersonate users or make unauthorized API calls, and gain detailed information about DeepSeek's internal infrastructure that could be used to plan further attacks.
The exposure was particularly concerning because DeepSeek had attracted tens of millions of users in the weeks following its launch, many of whom had shared sensitive business information, personal data, and confidential documents with the AI model. The potential for this data to have been accessed by unauthorized parties before the vulnerability was discovered and patched represents a significant privacy risk for affected users.
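The exposure described above is a configuration problem rather than a software bug, so it can be caught by auditing the server's own settings. The Python below is an added example (not code from Wiz Research or DeepSeek) that checks a ClickHouse config.xml and users.xml for the combination that produces an Internet-reachable, unauthenticated instance: a wildcard listen_host, a user with no password, and a networks block that admits any address. The sample configurations are constructed, and the password hash in the hardened sample is a placeholder.

```python
"""Audit ClickHouse config.xml / users.xml for the unauthenticated-exposure pattern."""
import xml.etree.ElementTree as ET

SECRET_KEYS = ("password", "password_sha256_hex", "password_double_sha1_hex")
ANY_NET = {"::/0", "0.0.0.0/0"}      # networks/ip values that admit every client
ANY_HOST = {"::", "0.0.0.0"}         # listen_host values that bind every interface

def audit_clickhouse(config_xml, users_xml):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings = []
    cfg = ET.fromstring(config_xml)
    # listen_host decides whether the HTTP (8123) and native (9000) ports face the network
    wildcard = [h.text.strip() for h in cfg.findall("listen_host") if h.text and h.text.strip() in ANY_HOST]
    if wildcard:
        findings.append(f"listen_host {wildcard} binds all interfaces; restrict to loopback or an internal address")
    users = ET.fromstring(users_xml).find("users")
    for user in (users if users is not None else []):
        name = user.tag
        # a user is authenticated only if one of the password elements is present and non-empty
        has_secret = any(
            user.find(k) is not None and (user.find(k).text or "").strip() for k in SECRET_KEYS
        )
        # only an explicit any-network entry is flagged; an absent <networks> block is not judged here
        nets = [ip.text.strip() for ip in user.findall("networks/ip") if ip.text]
        open_net = any(n in ANY_NET for n in nets)
        if not has_secret:
            findings.append(f"user '{name}' has no password configured")
        if open_net:
            findings.append(f"user '{name}' may connect from any network ({', '.join(nets)})")
        if not has_secret and open_net and wildcard:
            findings.append(f"CRITICAL: user '{name}' is reachable from any address without authentication")
    return findings

# Constructed sample resembling the exposed shape: wildcard bind, empty password, any network
EXPOSED_CONFIG = "<clickhouse><listen_host>0.0.0.0</listen_host><http_port>8123</http_port></clickhouse>"
EXPOSED_USERS = """<clickhouse><users><default>
  <password></password>
  <networks><ip>::/0</ip></networks>
  <profile>default</profile>
</default></users></clickhouse>"""

# Constructed hardened counterpart: loopback bind, hashed password (placeholder), internal range only
HARDENED_CONFIG = "<clickhouse><listen_host>127.0.0.1</listen_host><http_port>8123</http_port></clickhouse>"
HARDENED_USERS = """<clickhouse><users><default>
  <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
  <networks><ip>10.0.0.0/8</ip></networks>
  <profile>default</profile>
</default></users></clickhouse>"""

if __name__ == "__main__":
    for label, c, u in (("exposed", EXPOSED_CONFIG, EXPOSED_USERS), ("hardened", HARDENED_CONFIG, HARDENED_USERS)):
        print(label, audit_clickhouse(c, u) or ["no findings"])
```

Binding to loopback and fronting the database with an authenticated proxy or VPN addresses the network side; the user-level checks matter even on internal networks, since the page notes the API keys in the logs could be reused for impersonation.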
Broader Implications for AI Security
The DeepSeek incident is not an isolated case. As AI companies race to launch products and attract users, security practices are often deprioritized in favor of speed to market. Several other AI companies have experienced similar incidents in recent months, including exposed training data, misconfigured storage buckets containing user conversations, and API vulnerabilities that allowed unauthorized access to other users' data.
The fundamental challenge is that AI systems handle extraordinarily sensitive data — conversations that may contain medical information, financial details, business secrets, and personal communications — but are often built by teams that prioritize AI capability over security engineering. The security practices that are standard in financial services and healthcare — threat modeling, penetration testing, security code review, data minimization — are not yet universally adopted in the AI industry.
What Users Should Do
Users who have shared sensitive information with DeepSeek should take several precautionary steps. First, assume that any information shared with the service before the patch was applied may have been exposed and take appropriate action — notifying affected parties, changing passwords or API keys that were shared, and monitoring for signs of unauthorized use. Second, review what information you share with any AI service and avoid sharing information that would cause significant harm if exposed. Third, check whether the AI services you use have published security audits or bug bounty programs, which indicate a more mature security posture.
For organizations using AI services for business purposes, the incident underscores the importance of treating AI services as third-party data processors subject to the same due diligence as any other vendor handling sensitive data. This includes reviewing the vendor's security practices, ensuring appropriate data processing agreements are in place, and implementing technical controls that limit the sensitivity of data shared with AI systems.
Regulatory Response
The incident has attracted attention from data protection regulators in multiple jurisdictions. The Italian data protection authority, which had previously blocked ChatGPT over privacy concerns, has opened an investigation into DeepSeek's data practices. The UK Information Commissioner's Office has requested information from DeepSeek about the incident. In India, the Ministry of Electronics and Information Technology has issued an advisory warning government employees not to use DeepSeek for official purposes pending a security review.
