Cybersecurity researchers from Wiz have found a ClickHouse database owned by Chinese AI start-up DeepSeek containing over a million lines of chat history and sensitive information. The database was publicly accessible and allowed the researchers full control over database operations.
The exposure was quickly secured after Wiz shared its discovery with DeepSeek, but it’s possible that information could have already been exposed. Research of this kind doesn’t pry too far into the databases it finds for ethical reasons, but Wiz concluded that an attacker could potentially escalate their privileges within the DeepSeek environment and retrieve sensitive logs, chat messages, passwords, and local files — all without needing any kind of authentication.
Wiz targeted the start-up due to the recent media buzz around its R1 reasoning model, with the goal of assessing its external security. Somewhat shockingly, the ClickHouse database turned up after just a few minutes of basic searches and Wiz was able to interact with it through ClickHouses’s HTTP interface.
From there, all the researchers had to do was run a SHOW TABLES; query, and a list of accessible datasets appeared, including the “log_steam” table that included the many lines of sensitive information.
In its report, Wiz warns about the speed of AI adoption and how this pressure to develop, release, and integrate AI products as quickly as possible can lead to dangerous security practices. With all of the important and sensitive data that AI programs are now handling, the industry needs to enforce robust security practices that match those of public cloud providers and major infrastructure providers.
