DeepSeek, the China AI start-up has been deeply faced with a series of attacks since early January in the year 2025. This is a major setback to DeepSeek after it has enjoyed unprecedented popularity in the world of AI. DeepSeek has been brought down to it’s knees by Distributed Denial-of-Service (DDoS) attacks, Brute-force attack, and ultimately data leak that led to the leak of customers’ API keys, data to the public.
DeepSeek has been found to leave it’s OLAP Database, ClickHouse database vulnerable to attackers by making it accessible to the public. According to Wiz security researcher Gal Nagl, “publicly accessible ClickHouse database belonging to DeepSeek, which allows full control over database operations, including the ability to access internal data”. This exposure had left millions of logs entries open to the public. These logs include user secret information like the API keys, personal chats, etc.
Gal Nagl further stated “The rapid adoption of AI services without corresponding security is inherently risky.”
Outside of the leak, DeepSeek, as of 1st of February are unable to accept new sign-ups and also prevented existing users from signing due to excessive DDoS attacks on their infrastructure which disrupted users ability to use DeepSeek AI services. DeepSeek reportedly has only allowed users that use a phone number from China (China Mobile, China Unicom, China Telecom) to register on it’s platform in response to attacks on it’s platform.
China alledge that these attacks are from US hackers. The China’s state broadcaster CCTV claimed that the attack began on January 3 and reached it’s peak on 27th and 28th of January with a major brute-force attack coming from US-based IP addresses. Brute-force attacks which are aimed at cracking user IDs and passwords by testing all possible password combinations until a valid password is found.
The China AI start-up has had allegations from US-based AI companies (including OpenAI) that their AI models were used to make DeepSeek.
These security challenges could endanger the growth of this AI firm. And users need to protect themselves from such vulnerabilities from AI platforms. To stay safe; here are some tips:
- Always use very strong and unique passwords for each account. Password managers like lastpass can help to generate very strong and unique passwords and can also be used to securely save these passwords.
- Use reliable web browsers like Google Chrome, Microsoft Edge, Opera, Firefox, etc. to visit these websites.
- Don’t share your personal/private information. A rule of thumb by Orisatoberu Opeyemi, a Product Engineer at Phrone Tech LTD, is that Don’t discuss with AI What you can’t afford to have in the public domain.
As the appetite for AI is increasingly growing, AI companies should embrace security of their users.
