Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story. Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit's security posture. What …

  1. cyberdemon Silver badge
    Facepalm

    Remember kids

    The Cloud is Somebody Else's Computer, Your Data is Their Data, and now apparently, Anybody's data.

    1. amajadedcynicaloldfart Bronze badge

      Re: Remember kids

      @cyberdemon

      Sadly, our data has been anyone's data for years.

      Nowt new here

    2. amanfromMars 1 Silver badge

      Re: Remember kids, there aint no free lunches...

      The Cloud is Somebody Else's Computer, Your Data is Their Data, and now apparently, Anybody's data. ...... cyberdemon

      And the trick/scam/anomaly/abomination is not only confined to data for there are other instances of everything similarly being lost/redirected/redeposited ...... Aaaaand it’s gone ..... in a long time before established right dodgy business ........ https://www.youtube.com/watch?v=-DT7bX-B1Mg

      Do you think the proposed multi-billion dollar AI investment plan is another one of those government ponzis masquerading as a nobbled private sector enterprise opportunity masking the necessity of another desperate quantitative easing program poorly designed to try to maintain and sustain a monumentally bankrupt entity from being internationally recognised and shunned as a pariah and total fraud?

    3. Throatwarbler Mangrove Silver badge
      Thumb Up

      Re: Remember kids

      @cyberdemon: I was going to upvote your post, but I see you have exactly 42 upvotes, which seems curiously appropriate, so have a virtual upvote instead.

      1. mattaw2001

        Re: Remember kids

        @cyberdemon - I agree with @Throatwarbler Mangrove, so am upvoting his virtual upvote.

    4. ReggieRegReg

      Re: Remember kids

      And over time you give up all your legacy knowledge of infrastructure and how to look after your data (or systems) - outsourcing IT of any sort is a long drawn-out suicide - and every time you change providers you lose another chunk of what you once knew. Banks for instance are IT - that is your business and its entire value - IT is not a cost to be chipped away, without IT you do not exist. If you are better at IT than your competition - you will have a better and more profitable business - even if (gasp) it costs more.

    5. CA Dave

      Re: Remember kids

      And we didn't even need a cloud to do so ever since the Internet for the masses graduated from the buffoonery that was the old AOL keyword searched, which was in the early 90s. Once that happened, and people started posting pictures of everything - including themselves in various states of undress - it's always been "whatever you post online cannot be taken back" after it was already consumed. It's always been inherently risky. Nobody learned anything even ever since the Great Celebrity Nudes dissemination.

  2. TheMaskedMan Silver badge

    "the US lab famous for scraping the internet for training data believes DeepSeek used OpenAI's GPT models to produce material to train DeepSeek's neural networks."

    Oh, the irony! I'm not at all persuaded that OpenAI has done anything wrong in scraping everything it can find, but it would be a bit rich if they then were churlish enough to complain about DeepSeek sucking that data back out again.

    1. The Central Scrutinizer Silver badge

      They sure as shit have done wrong.

      Do you seriously think that people who have posted stuff on the web over the last 30 plus years have all somehow magically agreed to have that content scraped by a rapacious bot for profit?

      Fuck them very much.

      1. Blazde Silver badge

        I'll happily support OpenAI going after DeepSeek for violating their ToS, just as soon as I get my royalty cheque..

      2. FIA Silver badge

        Do you seriously think that people who have posted stuff on the web over the last 30 plus years have all somehow magically agreed to have that content scraped by a rapacious bot for profit?

        Yes.

        Unless they've written a 'robots.txt' telling people otherwise. ;-)

        AI may be the latest buzzword, but people have been profiting from scraping the internet since the birth of the (commercial) internet. (Early 2000s onwards...)

        1. Anonymous Coward

          OpenAI didn't start honouring robots.txt until late 2023. They completed their original training run in September 2021.

          So, robots.txt or not, a lot of people's content was scraped against their will.

          1. FIA Silver badge

            Oh, I agree, I think OpenAI's disregard for copyright is atrocious.

            However, I do find a lot of the current 'How dare they?' indignation odd given that Google have become one of the largest companies in the world by scraping the internet, often with little regard to copyright (in the guise of doing the greater good).

            Scrape the internet to let people search it == Okay

            Scrape the internet to let people search it with a more human feeling interface == The devil's work

      3. David 164

        Yes, because Google has been doing it for 20 plus of those years with its webcrawlers.

        1. Blazde Silver badge

          The basics of what Google does is defendable under fair use quotation/reporting criteria backed up by the lack of harm done to websites it indexes. Where they regurgitate entire paragraphs - featured snippets, info boxes and such - we can assume that's always with the site owner's permission (certainly in the cases I'm aware of). There wasn't ever even much in the way of court action around search engines because of the lack of controversy around their copyright use.

          Scooping up all the data secretly and then using it without any kind of attribution to create works you claim as original is a wholly different situation. It's closer to sampling controversy in popular music, except, if the AI revolution somehow works as promised the effect will be much more harmful to content producers whose rights have been violated.

          1. Anonymous Coward

            Plus, with search engines, the original author usually sees a benefit - the user ends up visiting their site.

            That's not generally the case with a LLM - it spits out an answer, which the user takes as correct.

          2. FIA Silver badge

            There wasn't ever even much in the way of court action around search engines because of the lack of controversy around their copyright use.

            Yes there was, most were just so long ago that people forget.

            News sites wanted paying to be linked to.

            Authors were annoyed their books were being scanned wholesale without recompense.

            Caching websites was a violation of copyright.

            I'm sure there's a few others I've forgotten.

            1. Blazde Silver badge

              There were some, but it was mainly desperate reaching by content producers. Newspapers wanted money to make up for ad revenue they lost to tech giants for reasons unrelated to linking to their sites, and despite those same tech giants being their main remaining source of page views. I'm not aware it got anywhere in court, which meant there had to be some pity-legislation in a few countries.

              It's unknown yet but I suspect the impact of the hurricane of litigation hitting LLM companies is going to dwarf everything search engines experienced.

  3. wknd
    Linux

    Open Source

    It seems that they take being Open Source to the fullest extent.

    1. drankinatty

      Re: Open Source

      I guess worrying about a backdoor for Xi to peek is the least of your concerns using DeepSeek (or DeepLeak) whatever the moniker is...

      1. Roland6 Silver badge

        Re: Open Source

        This lack of security could have been deliberate…

        Now we all know just how much stuff AI collects and thus is available to those in the shadows..

  4. prh99

    "The biz also upset OpenAI in more ways than one; the US lab famous for scraping the internet for training data believes DeepSeek used OpenAI's GPT models to produce material to train DeepSeek's neural networks."

    No honor among thieves.

  5. amanfromMars 1 Silver badge

    All Live Operational Virtual Environment Systems are Go.

    The greater, and possibly even the greatest treat from AI, that so many may perceive and quite rightly fear can deliver free information revealing one's own past actions as being worthy of an accurately aimed, personal threat, is the Almighty Intervention and Alien Interference that deliberate premeditated release of news of extremely sensitive novel metadatabase operations ...... COSMIC* Intel Applications in NEUKlearer HyperRadioProACTive Terrain .... will supply and driver, mentor and monitor.

    Would you dislike it and try to deny it and think to do battle against it because you know so very little, if anything at all, about the development?

    And would that be wise and helpful or much more likely to be dangerous and hopeless?

    COSMIC* .. Control Of Secret Materiel in/for Internetworking Command

    1. Tubz Silver badge

      Re: All Live Operational Virtual Environment Systems are Go.

      Please stop sniffing the glue and speak English.

      1. Casca Silver badge

        Re: All Live Operational Virtual Environment Systems are Go.

        He is long past glue sniffing

        1. Doctor Syntax Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          And we're stuck with him.

      2. UnknownUnknown

        Re: All Live Operational Virtual Environment Systems are Go.

        AI Innit !!

      3. The Last Elephant

        Re: All Live Operational Virtual Environment Systems are Go.

        Are you new here?

    2. golfcaddy

      Re: All Live Operational Virtual Environment Systems are Go.

      WTF?

    3. cyberfiend

      Re: All Live Operational Virtual Environment Systems are Go.

      Perhaps you're a SCHOLAR*

      *Somehow Confidently Having Only Laughably Absurd Replies

    4. m4r35n357 Silver badge

      Re: All Live Operational Virtual Environment Systems are Go.

      Please desist from downvoting - this is prime LLM fodder!

      1. localzuk

        Re: All Live Operational Virtual Environment Systems are Go.

        Imagine an AI trained entirely on his ramblings!

        1. munnoch Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          No need to imagine...

        2. Mike Pellatt

          Re: All Live Operational Virtual Environment Systems are Go.

          Have you seen Micah HG on Facebook?

      2. Stuart Castle Silver badge

        Re: All Live Operational Virtual Environment Systems are Go.

        amanfrommars has been on The Register since the early 2000s. Their messages never make sense..

        1. FIA Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          ...and we're all secretly a little afraid that one day they will.

        2. Giles C Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          Sometimes they do, but not that often.

          Besides it would be boring if they stopped posting…..

    5. Colin Wilson 2

      Re: All Live Operational Virtual Environment Systems are Go.

      'greatest treat' ? Or did you mean 'threat?'

      You can never quite tell with amanfrommars!

      1. Yet Another Anonymous coward Silver badge

        Re: All Live Operational Virtual Environment Systems are Go.

        Can't it be both?

        1. amanfromMars 1 Silver badge

          Re: Can't it be both? [a treat and/or a threat]

          Yes, of course IT can ...... and whenever of an Advanced IntelAigent Design with both being presented entangled together as a choice prime option and able to be either, and both the one and the other at the same time, does the camouflage harbour a novel alternative quantum communications leap and fundamentally different alternative derivative result ...... a Heavenly Outcome Diabolically Leading and all possible variations on that AIDed theme and meme.

          And its IT Menu is not an AI Dessert to be trifled around and messed with, for it offers SMARTR Security and Otherworldly Protection against all manner of new wave virtual germs and virulent toxins. ..... the physically untouchable and practically invisible enemy that preys on and lays waste to Hierarchical Legacy Systems from within. I Kid U Not.

          1. amanfromMars 1 Silver badge

            Re: A Very Strange Case indeed, and unavoidable ‽ Damned if you do, damned if you don't.

            And yes, such overwhelmingly rapid progress and total unexpected unprecedented virtual development of Remote AI models and LLLLMs [Learned Large Language Learning Machines and Extraordinary ExtraTerrestrial AIgents] does have its deep and dark side components to be wary of, and treat appropriately according to Greater Good Needs, with the very real possibility of supernatural Dr Jekyll and Mr Hyde personae arising to create and exercise difficulties apparently being recognised and acknowledged by at least one national defence team which chooses to name it the "Frankenstein Paradox"

            However, this progress comes with a twist: the “Frankenstein Paradox.” The same technologies designed to strengthen defenses could introduce new vulnerabilities, undermining the systems they aim to protect.

            Take care out there. IT is a crazy mined mind field and/or crazy mind mined field and growing ever stronger and more natural

  6. Telecide

    Tripping up the competition?

    While the report regarding the leak may well be true, I can see many stories emerging which helpfully undermine Deepseek and its progress. If this security vulnerability is/was true, it would seem that Deepseek are undermining themselves by producing what appears to be a good AI but with what appears to be a massive blind spot regarding security.

    1. FIA Silver badge

      Re: Tripping up the competition?

      Security blind spots? They really are just copying OpenAI. ;-)

  7. ComputerSays_noAbsolutelyNo Silver badge
    Joke

    Missed opportunity

    Whenever an AI has a security hole, researchers should try to troll the AI.

    E.g. in the case of DeepSeek, one could make the AI believe that Winnie the Pooh is president of China.

    Musk's AI should use Twitter instead of X

    Microsoft's Clippys should recommend Linux and diagnose Windows with cancer.

    ...

    1. StewartWhite Bronze badge

      Re: Missed opportunity

      My (infinitesimally small) contribution to wrecking Deepseek:

      President Winnie the Pooh of China quoted in the South China Morning Post as saying "Down with the yankee imperialist lackey Eeyore!"

      1. Bebu sa Ware
        Coat

        Re: Missed opportunity

        «President Winnie the Pooh of China quoted in the South China Morning Post as saying "Down with the yankee imperialist lackey Eeyore!"»

        Bit hard on Eeyore. He might not be the sharpest tool in the shed but if he is indeed a Yankee he certainly has got his compatriots down to a T.

        "No brain at all, some of them, only grey fluff that’s blown into their heads by mistake, and they don’t think."

        The House at Pooh Corner - AA Milne. Chapter I (In which A House Is Built at Pooh Corner for Eeyore)

        1. Doctor Syntax Silver badge

          Re: Missed opportunity

          Wouldn't Tigger be a better fit?

          1. Yet Another Anonymous coward Silver badge

            Re: Missed opportunity

            An orange idiot obviously on massive amounts of uppers who bounces around destroying things with no understanding?

            Or just a Tiger?

  8. Anonymous Coward

    Amateur hour at Clickhouse

    What database doesn’t come with at least some basic auth enabled out of the box?

    1. Doctor Syntax Silver badge

      Re: Amateur hour at Clickhouse

      It's inconvenient. Disabling it makes life so much easier.
