Image by File Santilàn, from Unsplash

DeepSeek Data Breach: 1 Million Logs, Chat History, And Keys Exposed

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A publicly accessible database belonging to the Chinese AI company DeepSeek has been found leaking sensitive information, including private chat history and secret keys.

In a Rush? Here are the Quick Facts!

• Over one million lines of sensitive data, including chat history and API keys, were exposed.
• The database used ClickHouse, an open-source data management system, for real-time processing.
• Wiz Research alerted DeepSeek, which secured the exposure after being informed.

Researchers from Wiz Research discovered that the exposed database could be accessed by anyone without any authentication, making it vulnerable to potential security breaches.

DeepSeek , known for its innovative AI models, particularly the cost-effective DeepSeek-R1 reasoning model, recently gained attention in the AI industry for its impressive performance.

However, Wiz Research’s investigation revealed a concerning security flaw that allowed full access to DeepSeek’s database, which included more than a million lines of sensitive log data.

The database, hosted at two addresses—oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000—was discovered through a routine security check of the company’s publicly facing websites.

The database was running on an open-source system called ClickHouse, which is commonly used for fast data processing. Unfortunately, this made the data highly accessible and easy to exploit for anyone with technical knowledge.

Among the sensitive information exposed in the database were logs of user chat history, API keys, backend data, and even internal operational details. These logs included personal information, plain-text chat messages, and data about DeepSeek’s internal systems.

This kind of data could have been used by attackers to access user accounts, steal passwords, or tamper with the company’s operations.

While Wiz Research immediately reported the exposure to DeepSeek, the company took swift action to secure the vulnerability. The incident highlights the ongoing risk that many AI companies face as they rapidly scale their services without fully addressing security concerns.

Wiz Research’s discovery serves as a reminder that, while AI technologies continue to advance, the infrastructure supporting them must also be secured. As AI companies grow and handle more sensitive data, the industry needs to ensure that proper security measures are in place to protect users and their information from exposure.

Image by ijeab, from Freepik

How A YouTuber Is Tricking AI Bots That Steal Her Content

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A YouTuber is taking a creative stand against AI models that scrape and repurpose online content without permission.

In a Rush? Here are the Quick Facts!

• A YouTuber hides junk text in subtitles to confuse AI content scrapers.
• AI summarizers struggle to filter the junk, generating inaccurate video summaries.
• The technique disrupts AI scraping but isn’t foolproof against advanced transcription tools.

F4mi , a creator known for in-depth videos on obscure technology, has developed a method to disrupt AI summarizers by filling her transcripts with misleading, machine-confounding text while keeping them readable for human viewers, as first reported by ArsTechnica .

The rise of AI-generated “faceless” YouTube channels has been a growing concern for many content creators, as noted by Medium . These channels often use AI tools to generate scripts, voiceovers, and visuals, frequently pulling material from existing videos to produce near-instant knock-offs.

Many YouTubers have reported seeing their work copied and repurposed, with AI models pulling directly from their video transcripts.

To counter this, F4mi turned to a decades-old subtitle format called .ass, originally developed for fansubbing anime. Unlike standard subtitle files, .ass supports advanced formatting options like custom fonts, colors, and positioning.

By leveraging these features, F4mi embeds additional text into her subtitles, invisible to human viewers but highly disruptive to AI scraping tools.

Her method involves inserting extra text outside the visible bounds of the screen, using formatting tricks to make the words transparent and unreadable to humans. The inserted text includes public domain passages with minor word replacements, as well as AI-generated nonsense designed to overwhelm summarization tools.

When AI attempts to extract and summarize these subtitles, it ends up with a garbled, inaccurate version of the original content.

F4mi found that while basic AI tools struggled with her approach, more advanced models like OpenAI’s Whisper were still able to extract meaningful information.

To counteract this, she experimented with further scrambling the text at the file level while keeping it readable in playback, adding another layer of complexity for AI attempting to parse it.

ArsTechnica notes that YouTube does not natively support .ass subtitles, so F4mi had to convert her captions to YouTube’s .ytt format. However, this workaround came with drawbacks, particularly on mobile devices where the altered subtitles sometimes appeared as black boxes.

To address this, she developed a Python script that hides her misleading text as black-on-black captions, visible only when the screen fades to black.

Despite these efforts, F4mi acknowledges that her method is not foolproof. AI can still generate transcripts directly from the audio track, and advanced screen readers can extract visible text from videos.

Still, her experiment highlights the growing resistance among content creators against AI models scraping online material without consent. As AI-generated content continues to proliferate, innovative countermeasures like F4mi’s may become increasingly common.