“It is quite shocking to build an AI model and to leave the back door wide open from a security perspective,” says independent security investigator Jeremiah Fowler, who was not involved in WIZ research, but specializes in discovering exposed databases. “This type of operational data and the possibility for everyone with an internet connection to gain access and then to manipulate is an important risk for the organization and users.”
The Deepseek systems are corpses to look very similar to OpenAi's, the researchers told Wider on Wednesday, perhaps to make it easier for new customers to use the Deepseek without problems. The entire Deepseek infrastructure seems to imitate OpenAi's, they say, to details such as the size of the API tests.
The WIZ researchers say they don't know if someone else found the exposed database before they did, but it would not be surprising, considering how easy it was to discover. Fowler, the independent researcher, also notes that the vulnerable database would certainly have been found quickly – if that was not, either by other researchers or bad actors.
“I think this is a wake-up call for the Gulf of AI products and services that we will see in the near future and how seriously they take cyber security,” he says.
Deepseek had a global impact last week, with millions of people who come to the service and push it to the top of the App stores from Apple and Google. The resulting shock waves have wiped out billions from the stock prices of AI companies established in the US and have made managers at companies throughout the country. On Wednesday, sources in OpenAI told the Financial Times that it was investigating the depth use of Chatgpt outputs of Deepseek to train his models.
At the same time, Deepseek has increasingly attracted the attention of legislators and supervisors around the world, who started asking questions about the company's privacy policy, the impact of censorship and whether Chinese ownership offers concern.
The Italian data protection regulator sent Deepseek a series of questions asking where it obtained its training data, if the personal information of people was included and the legal basis of the company for the use of this information. As Wired Italy reported, the Deepseek app seemed not to be available to download in the country after the questions sent.
The Chinese connections of Deepseek also seem to arouse concern about safety. At the end of last week, according to CNBC report, the American Navy gave a warning to its staff that warned them not to use Deepseek's services “in what capacity”. The E -mail said that Marine staff members are not allowed to download, install or use the model and do the concern about 'potential security and ethical' issues.
Despite the hype, however, the exposed data shows that almost all technologies that depend on cloud-held databases can be vulnerable due to simple security falls. “AI is the new border in everything related to technology and cyber security,” says Wiz's Ohfeld, “and yet we see the same old vulnerabilities such as databases that are left on the internet.”
