Summary
Chinese AI company DeepSeek exposed an unprotected database containing over a million unencrypted chat logs, API keys, and other sensitive data.
Security researchers at Wiz discovered the vulnerability and alerted DeepSeek, which promptly took the database offline.
It’s unclear how long the data was exposed or if others accessed it before Wiz.
DeepSeek, which gained viral popularity since its December launch, has not commented.
I’m not surprised. It’s why I haven’t touched it yet.
Just run it locally
Yeah! Locally! There’s no possibility of a backdoor!
Why would the Chinese do that?
You download a model that you plug into a front-end that supports that model type, if the front-end doesn’t give it access it won’t have access.
It’s like being afraid of Photoshop brush file, the brush is only used when you want it how you want it within the confines of Photoshop. Same for models. At worst a backdoor would exist in Photoshop (or in our actual case in one of the front ends) that the brush file somehow exploits, but that’s a big reach, especially with open source software.
If people are however downloading self contained .exes or something with a model+frontend pre-packaged, well, that’s on them. I don’t think deepseek makes any such file available anyway so blaming them feels a bit… xenophobic?
It’s only xenophobic if you trust all the other LLMs made in other countries… which I don’t.
But you jumped on that accusing people of bigotry claim before you bothered to find that out.
Damn, jumping to accusations sure is crazy, what was your first comment in this reply thread again? Jumping to backdoor accusations.
What makes you think I meant that the others don’t have them?
Do I really have to mention every other country with LLMs when I bring up DeepSeek?
To be fair you can run it locally in a virtual machine that is airgapped if you did want to run it
But I’m with you. Im gonna wait a bit longer before trying this one on my personal machines
Yeah, airgapped is definitely different.