Source code of AI software DeepSeek reveals many surprises

What's special about DeepSeek is that the software is developed as open source, allowing the community to contribute and developers to embed this AI tool into their products.

In the context of DeepSeek being "causing a fever" globally, experts from the security company Wiz (USA) have carefully reviewed the open source code of this AI tool.

Experts have discovered that this tool exposes many of its important databases, including system logs, user command content, and even API authentication tokens (security tokens to authenticate access to DeepSeek's programming interfaces)…

In total, more than 1 million records of DeepSeek's important data can be accessed by outsiders without restrictions. Notably, this data can be found through a few small techniques when exploiting the source code, instead of having to search deep and exploit it in a difficult way.

“This was a serious mistake by DeepSeek because the security level was very low and we had very high access without any restrictions on permissions,” said Ami Luttwak, CTO of Wiz.

“This shows that DeepSeek is not secure enough for users to provide any of their sensitive and important data,” Luttwak added.

Security experts are also concerned that bad actors could exploit these leaked databases to penetrate deeper into DeepSeek's system, execute malicious code to steal user information or manipulate the answers provided by this AI tool to users.

“It’s shocking from a security perspective to build an AI model and leave the back door wide open,” Jeremiah Fowler, an independent security researcher, commented after reading the report published by Wiz.

"This means that anyone with an internet connection can access and then manipulate this AI tool, which poses a huge risk to organizations and users," Fowler added.

It is still unclear whether any bad actors have taken advantage of DeepSeek's leaked sensitive data to carry out dark schemes.

Wiz security experts attempted to contact DeepSeek to alert them of their findings.

DeepSeek remained silent and did not respond. However, more than half an hour after the report was sent via email, Wiz experts found that the leaked data in DeepSeek's source code was no longer accessible, meaning that DeepSeek had intervened to handle the problem.

DeepSeek is a startup founded in 2023 by Luong Van Phong. The company is headquartered in Hangzhou, China.

On January 20, DeepSeek released an AI tool called R1 to users. This tool immediately became a global sensation thanks to its impressive and fast response capabilities.

Many users also rate DeepSeek R1 as providing smarter, more accurate and faster answers than other AI tools such as ChatGPT, Gemini or Llama...

What makes DeepSeek most surprising is that this AI model only costs 5.6 million USD to build and operate, while US technology companies are spending hundreds, even billions of dollars to develop and operate their own AI models.

Another point that makes DeepSeek attract the attention of the technology world is that this AI tool was born and developed at a time when the US government was applying sanctions, preventing the supply of high-performance AI chips to Chinese companies.

That means DeepSeek was developed and runs on low-performance AI chips, but still demonstrates impressive power.

The emergence of DeepSeek promises to create a fierce race in AI development between the two superpowers, the US and China.

However, besides the high appreciation, many people are concerned that DeepSeek is a tool of the Beijing government to collect user information through questions or giving answers that are favorable to Chinese policies.