Pinecone, Weaviate, and Milvus Security Issues in JavaScript and TypeScript Applications
This series shows how vulnerabilities propagate through the stack and provides a framework for defending AI applications in production.
Introduction
Vector databases such as Pinecone, Weaviate, and Milvus are critical components of AI applications. Their JavaScript and TypeScript clients allow developers to embed, query, and retrieve high-dimensional vectors. These integrations come with application security risks, particularly when vector stores are treated as trusted rather than adversarial environments.
Data Exfiltration via Query Abuse
In Pinecone and Weaviate, queries can retrieve vectors along with metadata. If applications expose search endpoints without authentication, attackers can exfiltrate embeddings that contain sensitive corporate documents. One red team assessment demonstrated how an attacker used a simple vector similarity query to leak contract data embedded in Pinecone.
Injection in Vector Metadata
Weaviate and Milvus allow developers to attach metadata to vectors. Applications that concatenate user input into metadata fields without sanitization are vulnerable to injection. In one incident, metadata crafted with malicious JSON led to server errors that revealed underlying database configuration.
Over-Privileged API Keys
API keys for vector databases are often given full cluster access. In a 2024 security review, Pinecone deployments were found exposing keys that allowed both read and write operations. An attacker who compromises the key can poison embeddings, insert malicious data, or delete critical indices.
MITRE ATT&CK Mapping
Conclusion
Vector databases extend the attack surface of AI applications. Without strict authentication, data exfiltration and poisoning are straightforward. Security teams must enforce access controls, sanitize metadata, and scope API keys to the minimum necessary permissions.
References
- Pinecone. (2024). Securing your Pinecone deployment. Pinecone Docs. https://docs.pinecone.io/docs/security
- Weaviate. (2024). Security considerations. Weaviate Documentation. https://weaviate.io/developers/weaviate
- MITRE ATT&CK®. (2024). ATT&CK Techniques. MITRE. https://attack.mitre.org/
Related blogs
Prompt Injection was Never the Real Problem
A review of “The Promptware Kill Chain”Over the last two years, “prompt injection” has become the SQL injection of the LLM era: widely referenced, poorly defined, and often blamed for failures that have little to do with prompts themselves.A recent arXiv paper, “The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware,” tries to correct that by reframing prompt injection as just the initial access phase of a broader, multi-stage attack chain.As a security researcher working on real production AppSec and AI systems, I think this paper is directionally right and operationally incomplete.This post is a technical critique: what the paper gets right, where the analogy breaks down, and how defenders should actually think about agentic system compromise.
A Guide to Securing AI Code Editors: Cursor, Claude Code, Gemini CLI, and OpenAI Codex
AI-powered code editors such as Cursor, Claude Code, Gemini CLI, and OpenAI Codex are rapidly becoming part of enterprise development environments.
From Discovery to Resolution: A Single Source of Truth for Vulnerability Statuses
Continuous visibility from first discovery to final resolution across code repositories and container images, showing who fixed each vulnerability, when it was resolved and how long closure took. Kodem turns issue statuses into ownership for engineers, progress tracking for leadership and defensible risk reduction for application security.
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.
The State of the Application Security Workflow
This report aims to equip readers with actionable insights that can help future-proof their security programs. Kodem, the publisher of this report, purpose built a platform that bridges these gaps by unifying shift-left strategies with runtime monitoring and protection.
.png)
Get real-time insights across the full stack…code, containers, OS, and memory
Watch how Kodem’s runtime security platform detects and blocks attacks before they cause damage. No guesswork. Just precise, automated protection.
Stay up-to-date on Audit Nexus
A curated resource for the many updates to cybersecurity and AI risk regulations, frameworks, and standards.