DeepSeek ClickHouse Leak: AI Data Risks & Cloud Native Log Service Safeguards

An exposed ClickHouse database at DeepSeek revealed over a million sensitive logs—including chats, API keys, and backend details—highlighting AI data security gaps, while Alibaba Cloud’s Log Service (SLS) offers comprehensive protection through access control, data masking, fine-grained query limits, and real‑time monitoring.

Alibaba Cloud Observability

Data Leak Analysis

Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, allowing full read/write access. The leak exposed more than one million log entries containing chat records, API keys, backend details, and other highly sensitive information. The research team promptly reported the issue, and DeepSeek quickly patched the vulnerability.

Exposed Log Fields

timestamp – logs from Jan 6 2025 onward

span_name – references to various DeepSeek API endpoints

string.values – plaintext logs including chats, API keys, backend details, and operation metadata

_service – service‑level logs

_source – request source, containing chat records, API keys, directory structures, and chatbot metadata

The analysis shows that DeepSeek stored API access logs, backend service logs, operation logs, and keys in ClickHouse without authentication, creating a severe data‑leak risk. Compromised API keys could grant attackers global access, underscoring that AI security risks stem not only from the application layer but also from underlying infrastructure and tool platforms.

AI Data Security Reflections

As AI technology rapidly advances, data security becomes a critical challenge for every AI company. Start‑ups must strengthen data‑security awareness and build robust observability systems. Key measures include strict access‑control policies, comprehensive security audits, and real‑time monitoring to detect anomalies.

Cloud Native Data Protection with Alibaba Cloud Log Service (SLS)

SLS is a cloud‑native observability and analysis platform that offers end‑to‑end data collection, processing, querying, visualization, alerting, and multi‑layer security mechanisms such as data masking, access control, and log audit.

Data Collection – Masking at Ingress

By configuring the Logtail masking plugin, sensitive fields are masked before they are written to a Logstore, protecting privacy at the source.

{"chat_msg":"分析一下固体火箭助推器,可以包括其发明或发展,历史发展,历史意义等","access_key":"L00I0t8peAl7nmt4aUujhDUO","ip_address":"105.156.33.72","account_name":"微笑的小羊","phone_number":"+86 230 345 2201"}

After masking, sensitive values are obfuscated (see image).
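The sketch below is an added example, not Alibaba Cloud's or Logtail's code. It shows ingress masking in Python on a record shaped like the one above, and goes one step further than per-field masking by scrubbing key-like tokens out of free-text fields, since the leaked logs carried keys inside plaintext strings. The rule names, PSEUDONYM_KEY, the TOKEN_RE heuristic and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import re

# Assumption: secret held only by the collector, never written to the log store.
PSEUDONYM_KEY = b"constructed-demo-key"
# Assumption: which fields are sensitive and which rule each one gets.
FIELD_RULES = {"access_key": "pseudonym", "account_name": "pseudonym",
               "phone_number": "tail4", "ip_address": "subnet"}
# Heuristic: a standalone run of 20+ letters/digits containing both kinds.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9])(?=[A-Za-z0-9]*\d)(?=[A-Za-z0-9]*[A-Za-z])"
                      r"[A-Za-z0-9]{20,}(?![A-Za-z0-9])")
# Constructed sample reusing field names and values from the record above.
SAMPLE = ('{"chat_msg": "my key is L00I0t8peAl7nmt4aUujhDUO please debug", '
          '"access_key": "L00I0t8peAl7nmt4aUujhDUO", '
          '"ip_address": "105.156.33.72", "phone_number": "+86 230 345 2201"}')


def pseudonym(value: str) -> str:
    """Keyed hash: the same input maps to the same tag, so per-key stats still work."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode("utf-8"), hashlib.sha256)
    return "hmac:" + digest.hexdigest()[:16]


def mask_value(rule: str, value: str) -> str:
    if rule == "pseudonym":
        return pseudonym(value)
    if rule == "tail4":
        digits = re.sub(r"\D", "", value)
        # Too short to keep a tail without revealing the whole number.
        return "****" if len(digits) <= 4 else "*" * (len(digits) - 4) + digits[-4:]
    if rule == "subnet":
        parts = value.split(".")
        return ".".join(parts[:2] + ["*", "*"]) if len(parts) == 4 else "***"
    return "***"  # unknown rule: fail closed


def mask_record(raw_line: str) -> dict:
    """Mask listed fields, then scrub key-like tokens from every other string field."""
    masked = {}
    for field, value in json.loads(raw_line).items():
        if field in FIELD_RULES:
            masked[field] = mask_value(FIELD_RULES[field], str(value))
        elif isinstance(value, str):
            masked[field] = TOKEN_RE.sub(lambda m: pseudonym(m.group()), value)
        else:
            masked[field] = value
    return masked
```

Because the pseudonym is a keyed hash, the masked access key in the chat text and in the access_key field are identical, so per-key query-rate monitoring still works on masked data without the key itself being stored.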

Data Query – Fine‑Grained Access Control

SLS supports StoreView datasets, which act as virtual resources built on Logstores. By defining field‑level filters in StoreView, queries return only necessary columns, preventing full‑data exposure even if a breach occurs.

Data Monitoring – Real‑Time Threat Detection

CloudLens for SLS provides self‑monitoring capabilities, tracking write/read traffic, identifying abnormal spikes, and generating alerts. Operation trend charts visualize real‑time read/write volumes, while custom reports can pinpoint AKs or IPs with unusually high query rates.

Conclusion

SLS enhances data security through fine‑grained permission control, ingress masking, StoreView field restrictions, and intelligent monitoring. These measures collectively reduce exposure risk, prevent sensitive data from being stored in clear text, limit query scope, and enable rapid detection and response to abnormal data‑exfiltration activities.
