Wiz Research discovered a publicly accessible ClickHouse database linked to DeepSeek, a Chinese AI startup known for its groundbreaking DeepSeek-R1 reasoning model, rivaling leading systems like OpenAI’s. The exposed database contained a million log streams revealing chat history, secret keys, and sensitive backend details, posing a significant risk to DeepSeek and its users. The lack of authentication allowed full database control and potential privilege escalation. This highlights the importance of maintaining security in AI tools and services, as organizations often overlook basic risks like accidental exposure of databases. Security teams must work closely with AI engineers to safeguard data as AI rapidly becomes critical infrastructure.
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak