DeepSeek's Database Exposure: A Security Wake-Up Call for the AI Industry

In a recent discovery, Wiz Research uncovered a significant security lapse at DeepSeek, a rising AI startup known for its cost-effective and efficient AI models. A publicly accessible ClickHouse database belonging to DeepSeek was found to be exposing sensitive information and allowing full control over database operations. This incident highlights the critical need for robust security measures within the rapidly evolving AI landscape.

The Discovery

The Wiz Research team, while assessing DeepSeek's external security posture, quickly identified a publicly accessible ClickHouse database. This database, hosted without any authentication, was linked to DeepSeek via the following hosts:

• http://oauth2callback.deepseek.com:8123
• http://dev.deepseek.com:8123
• http://oauth2callback.deepseek.com:9000
• http://dev.deepseek.com:9000

What Was Exposed?

The exposed database contained over a million lines of log streams, revealing a treasure trove of sensitive data, including:

• Chat history
• API secrets
• Backend details
• Operational metadata

The log_stream table within the ClickHouse database was particularly revealing. Key columns included:

• timestamp: Logs dating back to January 6, 2025.
• span_name: References to various internal DeepSeek API endpoints.
• string.values: Plaintext logs, including chat history, API keys, backend details, and operational metadata.
• _service: Indicating which DeepSeek service generated the logs.
• _source: Exposing the origin of log requests, containing chat history, API keys, directory structures, and chatbot metadata logs.

The Potential Impact

The lack of authentication granted full database control, allowing attackers to:

• Retrieve sensitive logs and plaintext chat messages.
• Potentially exfiltrate plaintext passwords and local files containing proprietary information.
• Achieve potential privilege escalation within the DeepSeek environment.

Fortunately, Wiz Research responsibly disclosed the issue to DeepSeek, who promptly secured the exposure.

Key Takeaways for the AI Industry

This incident serves as a critical reminder of the inherent risks associated with the rapid adoption of AI services without adequate security measures. Several key takeaways emerge:

• AI Security Starts with Infrastructure: The immediate security risks for AI applications stem from the infrastructure and tools supporting them. Securing these foundations is paramount.
• Basic Security Hygiene Matters: While futuristic AI threats capture headlines, the real dangers often arise from basic security oversights like accidental database exposures.
• Trust Requires Verification: As organizations integrate AI tools, they entrust sensitive data to AI providers. Security teams must ensure visibility into the architecture, tooling, and models being used.
• Security Must Keep Pace with Adoption: The rapid pace of AI adoption often outstrips security considerations. Protecting customer data must always be the top priority.

Conclusion

The DeepSeek database exposure underscores the urgent need for the AI industry to prioritize security. As AI becomes deeply integrated into businesses worldwide, the industry must embrace security practices on par with those required for public cloud providers and major infrastructure providers. Neglecting these can lead to security exposures for AI applications.

To further understand the broader AI Landscape, read Wiz's State of AI in the Cloud 2025

Tags: #Research, Cloud Security