Skip to main content


Last week, we saw plenty of posts about integrating DeepSeek into applications, running it locally, and similar topics. What surprised me, though, is that while I expected issues to surface, I didn't anticipate such a massive security problem with DeepSeek AI chats. Big thanks to Gal Nagli for this research: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak.

We've seen countless discussions on how companies achieved this cheaply—but also so insecurely. This reflects the current state of the industry, where everyone is racing to outdo competitors in budget, speed, and features while completely neglecting security and stability.

Take Garmin as another example: https://www.dcrainmaker.com/2025/01/garmin-watches-are-crashing-when-trying-to-start-gps.html.
Or this persistent Windows Update issue: https://www.youtube.com/watch?v=h8ppow5te20
And perhaps the biggest failure yet—the CrowdStrike incident: https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages.

What do all these examples have in common? A relentless push to move fast and cut costs without investing properly in testing and security processes. Unfortunately, AI has made this situation worse in terms of security and quality.

Businesses rush to integrate AI chat features and provide full access to sensitive data—only to be shocked when data breaches occur. Why spend time and budget on testing when "the AI service has already been tested countless times," right? This flawed mindset has become common.

Why am I talking about this? It's a big problem even for major companies, and we, as tech experts, must continue to prioritize quality and security while balancing business needs. In my next post, I'll share some practical steps you can take to start improving security.

Labels:

Comments

  1. AnonymousFebruary 2, 2025 at 3:20 AM

    "We, as tech experts, must continue to prioritize quality and security while balancing business needs." - 100% agree with this statement. It isn't an easy task, but we must do our best. Businesses explicitly include guidance on testing and security in job descriptions, recognizing these elements as critical components but often neglect advice afterward

    ReplyDelete

Post a Comment

Popular posts from this blog

Why Microsoft Azure Well-Architected Framework Can Improve Architecture

Small and medium-sized businesses often face a common challenge: the absence of experienced cloud engineers. Due to limited resources, teams typically choose the quickest path—getting things done in the easiest, fastest way. Unfortunately, this approach often leads to solutions that aren't secure, cost too much, and become nearly impossible to extend or manage effectively. Recognizing this critical challenge, Microsoft Azure has developed the Well-Architected Framework. This comprehensive set of guidelines and best practices helps businesses assess their existing solutions and guides them toward building robust, secure, cost-effective, and manageable cloud infrastructures from the start. The Azure Well-Architected Framework is structured around five essential pillars: Cost Optimization : Ensuring that cloud resources are used efficiently and effectively, reducing unnecessary expenses. Operational Excellence : Focusing on the ability to run and monitor systems effectively, ensuring ...
2 comments
Read more

"Dushnylo" Series: Monolith First approach.

I keep hearing, “You MUST start with a monolith.” Every new project? Always? When I hear that, two thoughts immediately come to mind:      1️⃣ “It depends.” You can’t just blindly say every project must start as a monolith.      2️⃣ My inner Dushnylo whispers: “Time to make a post about this.” So, here’s my take: I disagree. Not only do I disagree, but I believe the most critical and dangerous part of system design is analyzing and understanding business needs before making architectural decisions. Why? Simple. Imagine you’re building a streaming platform that processes massive amounts of data, handles notifications, and integrates with third-party services. Does this sound like something you’d build as a pure monolith? Of course not. But I do agree on one thing—you have to start somewhere. That starting point could be a simple core application —yes, it might look like a monolith at first. But you’re not designing the entire system as a monolith. ...
Post a Comment
Read more

"Dushnylo" Series: The Trouble with GET: Real-World REST API Challenges

Have you ever seen a fully implemented, truly and absolutely by-the-books REST API? With all the correct HTTP methods, status codes, and the perfect design? No? Me neither. And you might ask — why not? After all, it's supposed to be easy , right? Well, yes — technically, it is easy. But in real life, you always run into edge cases. Let’s take a simple example. According to REST principles, if you want to retrieve data, you should use the GET method. Simple and elegant, and documented everywhere. But then the question arises: how do you pass parameters in a GET request? Answer: via URL path or query parameters. But as you already know, there’s a limit to how much you can fit into a URL — usually around 2048 characters . That’s fine for small, basic queries. But what about advanced searches ? You want to pass dozens of filters , custom ordering , maybe even a list of IDs to fetch. Sometimes it’s a list of GUIDs — and not just one or two, but hundreds . In these cases, G...
Post a Comment
Read more