HomeBlog › Threats & Incidents

The DeepSeek Breach: The Largest Security Incident at an AI Company

In January 2025, researchers discovered a DeepSeek database that was publicly accessible without any authentication, exposing more than one million records of conversations, API keys, and internal system data.

DeepSeek Data Breach

On January 29, 2025, security researchers from Wiz Research made an alarming discovery: a database belonging to a Chinese artificial intelligence company DeepSeek It was completely exposed on the internet, without any authentication, accessible to anyone in the world.

What they found was no ordinary file. It was a database. ClickHouse on ports 8123 and 9000, which contained more than one million rows of extremely sensitive information: a complete history of conversations with the AI models, backend API keys, system logs, and internal infrastructure metadata.

The case quickly became the most significant security incident in the AI ecosystem in recent years—and an urgent lesson for all companies that use or develop artificial intelligence solutions.

Context: Why DeepSeek Was on the Radar

The week of the incident, DeepSeek had just launched its model R1, which for the first time competed directly with Anthropic’s GPT-4 and Claude 3 in reasoning benchmarks—and was also open source. The launch generated massive coverage in global tech media, subjecting the company to a level of scrutiny it clearly did not anticipate.

It was precisely that scrutiny that led Wiz Research to examine DeepSeek's exposed infrastructure—and discover the open database in less than an hour of investigation.

Critical finding: The database was fully accessible for reading, and it also had administration endpoints enabled that would potentially allow access to the internal infrastructure. Any malicious actor who had discovered it first could have silently exfiltrated the entire contents without leaving a trace.

What data was exposed?

The extent of the breach was documented by Wiz Research and confirmed by independent analysts. The compromised data included:

+1M
Rows of data displayed in the database
<1h
Time it takes Wiz to discover the database
30+
Countries that have initiated investigations or imposed restrictions

Timeline of the Incident

Jan. 22–28, 2025
DeepSeek launches the model R1. It generates massive global coverage. The company is experiencing explosive user growth in a matter of days.
Jan. 29, 2025
Researchers from Wiz Research They discovered that the ClickHouse database was exposed on ports 8123 and 9000. They responsibly contacted DeepSeek before publishing their findings.
Jan. 29–30, 2025
DeepSeek secures the database after receiving the notification. Wiz releases its report with the technical details of the discovery.
Jan–Feb 2025
Multiple authorities Investigations are underway by the Irish Data Protection Commission, the Italian Data Protection Authority, and agencies in Australia, Taiwan, South Korea, and elsewhere. The U.S. Navy has banned the use of DeepSeek on government devices.
March 2025 and beyond
The incident has become a benchmark for security risks in AI infrastructure. Many companies are reviewing the inventory of their own AI tools currently in use.

Why This Incident Is Different from a Classic Data Breach

Traditional data breaches typically compromise user databases—names, email addresses, and passwords. The impact, while serious, is relatively predictable, and organizations know how to respond.

The DeepSeek gap differs in several critical ways:

1. The data presented here consists of conversations with AI

Users interact with AI models by sharing information they would not normally enter into a web form: questions about internal projects, proprietary code, business strategies, customer data, and legal dilemmas. The exposure of these conversations represents a major leak of business intelligence.

2. The error was a basic configuration issue, not a coding issue.

There was no sophisticated exploit. There was no zero-day vulnerability. A production database was simply accessible online without a password. This shows that even companies that build the world's most advanced AI tools can fail to implement the most basic security controls.

3. Exposed API keys increase the risk

In a microservices and AI environment, API keys are the keys to the kingdom. A compromised backend key not only grants access to data—it can also allow attackers to modify models, inject responses, steal additional credentials, or pivot to other connected systems.

4. The volume of data facilitates targeted attacks

With a million conversations, an attacker can identify specific high-value users, reconstruct confidential projects mentioned in chats, and design extremely persuasive phishing attacks based on the victims' real-life context.

Implications for companies in Latin America: If your organization uses third-party AI tools—such as ChatGPT, Copilot, Gemini, Claude, DeepSeek, or others—your employees are likely sharing sensitive information in those conversations. The question isn't whether that data is valuable to an attacker, but rather what controls you have over who can access it.

The risk pattern that this reveals across the entire industry

Following the DeepSeek incident, security researchers began examining the exposed infrastructure of other AI startups—and found similar patterns with alarming frequency:

The rapid growth of the AI ecosystem—where startups go from a prototype to millions of users in a matter of weeks—puts enormous pressure on engineering teams. Security often takes a back seat.

What Your Company Should Do Now

This incident outlines a new set of controls that organizations must implement when adopting tools or developing AI systems:

If they use third-party AI tools

If they develop or deploy AI systems

SOC Monitoring Controls for AI Environments

BorneoCR helps companies in Latin America secure their AI environments. From reviewing attack surfaces in model infrastructure to implementing acceptable use policies for generative AI tools, our SOC team has hands-on experience at the intersection of AI and operational cybersecurity. Consult with us before your company becomes the next headline.

Conclusion

The DeepSeek breach was not a sophisticated attack. It was a basic configuration error at a company that had captured the world’s attention. And that, precisely, is what makes it so significant.

The message for any organization is clear: the complexity and technological advancement of an AI product say nothing about the security maturity of the company that builds it. The rapid adoption of AI—in both startups and established companies—is creating a new attack surface that many security teams have not yet assessed.

In 2026, protecting your organization will no longer mean just securing servers and user credentials. It will also mean understanding where the data processed by their AI tools is stored, who can access it, and what would happen if it were exposed.

Share:
security Review AI security at my company