New York-based cloud security startup Wiz, announced that it has identified a publicly accessible ClickHouse database belonging to DeepSeek, granting full control over database operations, including access to internal data. This exposure contains over a million lines of log streams with sensitive information, such as chat histories, secret keys, and backend details. The Wiz Research team responsibly disclosed this issue to DeepSeek, which promptly took action to secure the exposed data.Developed by Yandex, ClickHouse is an open-source, columnar database management system designed for fast analytical queries on large datasets. It is used for real-time data processing, log storage, and big data analytics, making it a valuable and sensitive tool.Based out of Hangzhou, China, DeepSeek is an AI company that has launched the DeepSeek-R1 reasoning model, rivalling OpenAI’s o1 in performance and cost-efficiency.Wiz uncovered ClickHouse databaseDuring the external security posture assessment of DeepSeek, the US company claims to have found a publicly accessible ClickHouse database linked completely open and unauthenticated, exposing sensitive data.“It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000,” says Wiz in its blog. This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. According to Wiz, the exposure provided complete control over the database and the possibility of privilege escalation within the DeepSeek environment, with no authentication or protective measures against outside threats. Wiz began their reconnaissance by examining the publicly available domains of DeepSeek. Utilising both passive and active techniques, they identified approximately 30 internet-facing subdomains. Most subdomains appeared harmless, including the chatbot interface, status page, and API documentation.However, when they expanded their search beyond standard HTTP ports (80 and 443), they discovered two unusual open ports (8123 and 9000) on the following hosts:– http://oauth2callback.deepseek.com:8123  – http://dev.deepseek.com:8123  – http://oauth2callback.deepseek.com:9000  – http://dev.deepseek.com:9000  “This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries like: SELECT * FROM file(‘filename’) depending on their ClickHouse configuration,” says the company

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More. DeepSeek and its R1 model aren’t wasting any time rewriting the rules of cybersecurity AI in real-time, with everyone from startups to enterprise providers piloting integrations to their new model this month.R1 was developed in China and is based on pure reinforcement learning (RL) without supervised fine-tuning. It is also open source, making it immediately attractive to nearly every cybersecurity startup that is all-in on open-source architecture, development and deployment.DeepSeek’s $6.5 million investment in the model is delivering performance that matches OpenAI’s o1-1217 in reasoning benchmarks while running on lower-tier Nvidia H800 GPUs. DeepSeek’s pricing sets a new standard with significantly lower costs per million tokens compared to OpenAI’s models. The deep seek-reasoner model charges $2.19 per million output tokens, while OpenAI’s o1 model charges $60 for the same

Merchant joins Wiz as a highly accomplished executive, advisor and board member with nearly 30 years of diverse global leadership experience scaling public and private companies.