Wiz, a cybersecurity firm headquartered in New York, recently announced a significant discovery regarding sensitive data belonging to the Chinese artificial intelligence startup DeepSeek. According to a detailed blog post published on Wednesday, Wiz conducted thorough scans of DeepSeek’s online infrastructure and uncovered a substantial amount of sensitive information that had been inadvertently exposed to the open internet.

The exposed data comprised more than one million lines of information, which were left unsecured and accessible to anyone browsing the web. Among the sensitive materials identified were digital software keys, which are crucial for securing software applications, as well as chat logs that appeared to document interactions between users and DeepSeek’s free AI assistant. These chat logs notably included prompts sent by users, potentially revealing personal inquiries and other confidential communications.

Wiz’s chief technology officer, speaking to Reuters, emphasized the alarming ease with which this sensitive data was discovered. He noted that once Wiz alerted DeepSeek about the exposure, the startup took immediate action, removing the unsecured data from public access in less than an hour. However, the CTO expressed concern over the accessibility of the data, stating, “This was so simple to find; we believe we’re not the only ones who found it.” This remark raises questions about the overall security practices at DeepSeek and the potential risks faced by users interacting with their AI technologies. The incident highlights the critical importance of robust cybersecurity measures in protecting sensitive information from unintended exposure in the digital landscape.