Security DeepSeek left a database wide open, exposing chat logs, API keys, and more ...

[J65nko]

From https://www.theregister.com/2025/01/...ase_left_open/:

Quote:

China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.

Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit's security posture. What Wiz found is that DeepSeek – which not only develops and distributes trained openly available models but also provides online access to those neural networks in the cloud – did not secure the database infrastructure of those services.

That means conversations with the online DeepSeek chatbot, and more data besides, were accessible from the public internet with no password required.