Scott's having a problem with the helicopter co-pilot story.
Meanwhile...
After all these years not being in the industry, I occasionally scan The Register
www.theregister.com: Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek
Quote:
China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.
Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit's security posture. What Wiz found is that DeepSeek – which not only develops and distributes trained openly available models but also provides online access to those neural networks in the cloud – did not secure the database infrastructure of those services.
That means conversations with the online DeepSeek chatbot, and more data besides, were accessible from the public internet with no password required.
....
To make matters worse, Wiz said, the exposure allowed for full control of the database and potential privilege escalation within the DeepSeek environment, without any authentication or barrier to external access.
|
The technical term for this is 'pants around your ankles'.
Was this reported anywhere else?