Setting the Stage: DeepSeek’s Approach to the R1 Model:

DeepSeek, led by Liang Wenfeng, emerged from a hedge fund leveraging AI for financial markets. Based in Hangzhou, the same tech hub as Alibaba, DeepSeek innovates by reducing data processing needs in model training—combining its own breakthroughs with techniques used by resource-constrained Chinese AI firms. As AI researcher Lennart Heim explains, traditional models like early ChatGPT versions function like librarians who meticulously read entire libraries before answering questions—an energy-intensive and costly process. DeepSeek’s approach streamlines this, optimizing efficiency without compromising intelligence.

DeepSeek took another approach. Its librarian hasn’t read all the books but is trained to hunt out the right book for the answer after it is asked a question. Layered on top of that is another technique, called “mixture of experts.” Rather than trying to find a librarian who can master questions on any topic, DeepSeek and some other AI developers do something akin to delegating questions to a roster of experts in specific fields, such as fiction, periodicals and cooking. Each expert needs less training, easing the demand on chips to do everything at once. DeepSeek’s approach requires less time and power before the question is asked, but uses more time and power while answering. All things considered, Heim said, DeepSeek’s shortcuts help it train AI at a fraction of the cost of competing models.

The DeepSeek Incident: A Wake-Up Call:

As DeepSeek gained traction in the AI industry, the Wiz a cloud security solution company founded in 2020, conducted an external security assessment to evaluate its vulnerabilities. Almost immediately, they discovered a publicly accessible ClickHouse database directly linked to DeepSeek, left completely open without authentication. This database, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, contained a substantial amount of sensitive data, including chat logs, backend records, log streams, API secrets, and critical operational details. Even more concerning was the fact that the database’s exposure not only compromised confidential information but also granted full control over its contents. With no authentication or security measures in place, this vulnerability created a risk of privilege escalation within DeepSeek’s infrastructure, leaving its entire environment defenseless against potential threats.

Credits: Wiz Research

How Did the Wiz Team Uncover This Security Glitch?

In cybersecurity, reconnaissance technique refers to the process of gathering information about a target system or network. It is often employed by attackers to identify potential vulnerabilities and access points before launching a cyberattack. Common reconnaissance techniques include footprinting, port scanning, network mapping, OS fingerprinting, DNS record lookups, social engineering, and vulnerability scanning. These techniques can be categorized as either passive (observing publicly available information) or active (interacting with the target system to gather data). Using this technique, the Wiz research team discovered the vulnerabilities.

According to findings reported by the Wiz Research team, an assessment of DeepSeek’s publicly accessible domains revealed significant security risks. Using a combination of passive and active reconnaissance techniques to map the external attack surface, researchers identified approximately 30 internet-facing subdomains. Most of these appeared harmless, hosting components like the chatbot interface, status page, and API documentation, with no immediate signs of critical exposure.

However, upon expanding their search beyond standard HTTP ports (80/443), the team detected two unusual open ports—8123 and 9000—on multiple hosts, including:

Further investigation revealed that these ports provided direct access to a publicly exposed ClickHouse database—entirely unprotected and requiring no authentication. This discovery raised immediate security concerns, as ClickHouse is an open-source, columnar database management system designed for high-speed analytical queries on massive datasets. Originally developed by Yandex, ClickHouse is widely used for real-time data processing, log storage, and big data analytics—making such an exposure particularly sensitive and valuable from a security standpoint.

Database information schema response from the exposed ClickHouse instance. **Credits: Wiz Research**

List of tables from the exposed ClickHouse instance. **Credits: Wiz Research**

API Keys, Chat Logs, and Backend Records from the exposed ClickHouse instance. **Credits: Wiz Research**

Lesson Takeway from Deepseek Security breach:

As AI services are widely adopted across various sectors of the economy, the adoption of these technologies without corresponding security measures is inherently risky. While much of the attention around AI security focuses on futuristic threats, the real dangers often arise from basic risks—such as the accidental external exposure of databases. These fundamental security risks should remain a top priority for security teams.

As organizations rush to adopt AI tools and services from a growing number of startups and providers, it’s essential to remember that we’re entrusting these companies with sensitive data. The rapid pace of adoption can often lead to overlooking security, but protecting customer data must remain the top priority. It’s crucial that security teams work closely with AI engineers to ensure visibility into the architecture, tooling, and models being used, so we can safeguard data and prevent exposure. Failing to do so could result in a severe backlash, damaging client trust and severely impacting the business.

Mitigating the Risks of AI Data Exposure:

Security risks associated with AI data exposure. **Credits: Wiz Research**

Given the security risks outlined above, Spro from HridaAI stands out as a crucial solution for businesses aiming to leverage GenAI while protecting sensitive data. Spro is a secure, AI-driven platform built to ensure data privacy and compliance, allowing businesses to integrate GenAI capabilities effortlessly without sacrificing user trust or regulatory adherence.

Key Features of Spro:

  • Data Privacy and Compliance: Spro prioritises the protection of sensitive data, ensuring that all interactions with GenAI models adhere to stringent privacy standards and regulatory requirements.
  • Secure Integration:The platform offers a secure and scalable solution that integrates seamlessly with existing business operations, eliminating the need for expensive in-house AI infrastructure.
  • Dual Protection Approach:Spro safeguards both AI model creators and users by providing robust security measures against potential threats, protecting intellectual property and sensitive user data.

Spro: Masking and Securing Data Before Sending it to the AI Model.

When using AI tools and services from startups and providers, exposing Personal Identifiable Information (PII), API keys, or source code comes with significant risks. There is often no guarantee or way to fact-check the security measures these platforms have in place to protect sensitive data— as seen in the case of DeepSeek. A critical safeguard against such vulnerabilities is implementing data masking before transmitting information to external service providers. By ensuring that sensitive data is removed or masked at the source, organisations can mitigate the risks of unintended exposure due to security gaps or negligence on the part of third-party providers. This data redaction approach strengthens data security and ensures compliance with best practices in handling confidential information.

To quickly test this, you can either use the playground or the provided code snippet. Additionally, you can get your free API Key and access the documentation for more details about Spro.

import os
from openai import OpenAI
from spro import Spro  # Import the Spro library

# Initialize Spro client with API key
spro_client = Spro(api_key=os.getenv("SPRO_API_KEY"))

# Initialize OpenAI client with your DeepSeek API key
openai_client = OpenAI(api_key="<DeepSeek API Key>", base_url="https://api.deepseek.com")

# Text to be secured
prompt = "Hello, I have a sensitive email at example@example.com."

# Use Spro to secure the text (redact sensitive information)
secured_text = spro_client.secure(prompt)

# Now send the secured (redacted) text to OpenAI for further processing
response = openai_client.chat.completions.create(
    model="deepseek-chat",
    messages=[
        {"role": "system", "content": "You are a helpful assistant"},
        {"role": "user", "content": secured_text},  # Send the redacted text here
    ],
    stream=False
)

# Print OpenAI's response
print(response.choices[0].message.content)

Testing Spro in the Playground – No need to sign up or log in to try it out. Users can instantly experience its features. After logging into Spro, you'll receive a free $25 credit to get started. This enables hands-on experimentation, making it easy to explore and integrate Spro as a Firewall for securely enhancing your AI workflows.

Conclusion

As AI technologies continue to evolve, businesses must prioritise data privacy and security to maintain user trust and comply with regulations. Spro offers a comprehensive solution that addresses these challenges, providing a secure and compliant pathway for businesses to leverage GenAI capabilities effectively.

Protect your AI data today! Try Spro for free in our Playground and experience secure AI integration!

Author Of article : HRIDA AI Read full article