Wiz researchers found a publicly accessible, unauthenticated ClickHouse database belonging to Chinese AI startup DeepSeek. Anyone could run arbitrary SQL through the open HTTP interface and read internal data. The exposure surfaced days after DeepSeek's models went viral.
Over a million log lines were exposed, including plaintext chat history, API keys, and backend operational details, with potential for full database control.
Datastores backing AI products must never be internet-facing without authentication, network isolation, and access review before launch.
Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.
Request a demo