“It’s pretty shocking to build an AI model and leave the backdoor wide open from a security perspective,” says independent security researcher Jeremiah Fowler, who was not involved in the Wiz research but specializes in discovering exposed databases. “This type of operational data and the ability for anyone with an internet connection to access it and then manipulate it is a major risk to the organization and users.”
DeepSeek’s systems are seemingly designed to be very similar to OpenAI’s, the researchers told WIRED on Wednesday, perhaps to make it easier for new customers to transition to using DeepSeek without difficulty. The entire DeepSeek infrastructure appears to mimic OpenAI’s, they say, down to details like the format of the API keys.
The Wiz researchers say they don’t know if anyone else found the exposed database before they did, but it wouldn’t be surprising, given how simple it was to discover. Fowler, the independent researcher, also notes that the vulnerable database would have “definitely” been found quickly, if it wasn’t already, whether by other researchers or bad actors.
“I think this is a wake-up call for the wave of AI products and services we will see in the near future and how seriously they take cybersecurity,” he says.
DeepSeek has made a global impact over the past week, with millions of people flocking to the service and pushing it to the top of Apple’s and Google’s app stores. The resulting shock waves have wiped billions from the stock prices of US-based AI companies and spooked executives at firms across the country. On Wednesday, sources at OpenAI told the Financial Times that it was looking into DeepSeek’s alleged use of ChatGPT outputs to train its models.
At the same time, DeepSeek has increasingly drawn the attention of lawmakers and regulators around the world, who have started to ask questions about the company’s privacy policies, the impact of its censorship, and whether its Chinese ownership poses national security concerns.
Italy’s data protection regulator sent DeepSeek a series of questions asking about where it obtained its training data, if people’s personal information was included in this, and the firm’s legal grounding for using this information. As WIRED Italy reported, the DeepSeek app appeared to be unavailable to download within the country following the questions being sent.
DeepSeek’s Chinese connections also appear to be raising security concerns. At the end of last week, according to CNBC reporting, the US Navy issued an alert to its personnel warning them not to use DeepSeek’s services “in any capacity.” The email said Navy members of staff should not download, install, or use the model, and raised concerns of “potential security and ethical” issues.
However, despite the hype, the exposed data shows that almost all technologies relying on cloud-hosted databases can be vulnerable through simple security lapses. “AI is the new frontier in everything related to technology and cybersecurity,” Wiz’s Ohfeld says, “and still we see the same old vulnerabilities like databases left open on the internet.”
