The Chinese AI start-up DeepSeek, which has just become known for its powerful language models, had exposed a critical database unprotected on the internet for months. Security researchers were apparently able to access sensitive chat histories and API keys without authentication.
Security researchers from the cloud security company Wiz have uncovered a serious security vulnerability at the up-and-coming AI company DeepSeek. A ClickHouse database was reachable on two public server ports without any access protection, the researchers write on their blog. According to the researchers, the exposed database contained over one million data records with highly sensitive information, including chat histories, API keys and internal system details.
When DeepSeek made waves in the artificial intelligence space, the Wiz Research team immediately wanted to assess the company’s security posture and identify potential vulnerabilities, they say. “Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data.”
ClickHouse is a column-oriented open source database system developed by Yandex and is characterized by its fast processing of analytical queries. The database has been specially optimized for OLAP (Online Analytical Processing) workloads and can compress and process enormous amounts of data highly efficiently thanks to its column-based architecture. ClickHouse is particularly suitable for use cases such as web analytics, telemetry data and business intelligence, where it can easily analyze billions of rows in fractions of a second.
Full control over database possible
The database was accessible via the domains oauth2callback.deepseek.com and dev.deepseek.com on ports 8123 and 9000. The security researchers were able to execute arbitrary SQL queries via ClickHouse’s HTTP interface and thus had practically full administrative control over the system. Log entries since January 6, 2025 were found in the “log_stream” table, which provided detailed insights into the company’s internal systems.
“This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information,” warns Wiz.
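For operators of their own ClickHouse servers, the combination described above (ports 8123 and 9000 reachable from anywhere, no authentication) can be caught in a configuration review. The following is an added example, not code from Wiz or DeepSeek; the sample configuration is constructed, and merging server and user settings into one file is an assumption made for brevity.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not DeepSeek's config); server and user settings are
# merged into one file here for brevity, which is an assumption.
TEMPLATE = """<clickhouse>
  <listen_host>{host}</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
  <users><default>
    {secret}
    <networks><ip>{net}</ip></networks>
  </default></users>
</clickhouse>"""
EXPOSED = TEMPLATE.format(host="0.0.0.0", secret="<password></password>", net="::/0")
HARDENED = TEMPLATE.format(
    host="127.0.0.1", net="127.0.0.1",
    secret="<password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>")

WILDCARD_HOSTS = {"0.0.0.0", "::"}
OPEN_NETWORKS = {"::/0", "0.0.0.0/0"}
# Only password-style credentials are recognised; LDAP or Kerberos users
# would need additional handling.
PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def audit(xml_text):
    """Return findings for settings that leave ClickHouse open to anyone."""
    root = ET.fromstring(xml_text)
    findings = []
    hosts = {(h.text or "").strip() for h in root.iter("listen_host")}
    if hosts & WILDCARD_HOSTS:
        ports = [root.findtext(t) for t in ("http_port", "tcp_port")]
        findings.append("listens on all interfaces, ports "
                        + ",".join(p for p in ports if p))
    for user in root.findall("./users/*"):
        has_secret = any((user.findtext(t) or "").strip() for t in PASSWORD_TAGS)
        nets = {(ip.text or "").strip() for ip in user.iter("ip")}
        if not has_secret:
            findings.append(f"user '{user.tag}' has no password")
        if nets & OPEN_NETWORKS:
            findings.append(f"user '{user.tag}' may connect from any address")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Any one finding alone deserves a review; all three together mean the HTTP and native interfaces accept queries from anyone who can reach the host.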
Basic security practices neglected
According to Wiz, this case is an example of how basic security measures are being neglected in the AI boom. While the public discussion often revolves around hypothetical risks of artificial intelligence, the concrete dangers arise from inadequate protection of the underlying infrastructure. Following the report by Wiz, DeepSeek immediately closed the security gap.
The incident urges caution in the rapid deployment of AI services: companies should carefully check the security precautions of their AI providers before entrusting them with sensitive data. “As organizations rush to adopt AI tools and services from a growing number of startups and providers, it’s essential to remember that by doing so, we’re entrusting these companies with sensitive data. The rapid pace of adoption often leads to overlooking security, but protecting customer data must remain the top priority,” summarizes the cybersecurity provider.