The exposed data included digital software keys and chat logs, according to cybersecurity firm Wiz.
Researchers with cybersecurity company Wiz said on Wednesday that sensitive information from the Chinese artificial intelligence (AI) app DeepSeek was inadvertently exposed to the open internet.
Hangzhou-based DeepSeek prompted a global selloff in tech shares last week when it launched its free, open-source language learning model DeepSeek-R1.
DeepSeek’s flagship v3 model cost $5.6 million to train, amounting to a fraction of the money spent by America’s leading tech companies to train models including OpenAI’s ChatGPT.
The popular app has also raised national security concerns in Washington.
In a blog post, Wiz said it set out to assess the external safety of the chatbot and identify any potential vulnerabilities after it saw a surge in registrations and became the most downloaded free app on Apple’s App Store last week.
Within minutes, researchers with the New York-based cybersecurity company found a publicly accessible database linked to the chatbot that was “completely open and unauthenticated” and “exposing sensitive data,” Wiz said.
The database contained more than a million lines of data that were left unsecured, according to Wiz.
This included sensitive information, along with digital software keys, and chat logs that appeared to capture prompts being sent from users to the company’s free AI assistant, according to the cybersecurity company.
“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” the blog post stated.
Wiz said the level of access posed a critical risk to DeepSeek’s security as well as to its end-users, including allowing bad actors to retrieve sensitive information and plain-text chat messages.
Additionally, the vulnerabilities could allow bad actors to exfiltrate plaintext passwords, Wiz said.
The Wiz Research team “immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure,” according to the blog post.
Wiz noted that the widespread and fast adoption of AI by companies poses ongoing risks, particularly for those that have “rapidly grown into critical infrastructure providers without the security frameworks that typically accompany such widespread adoptions.”
