In the summer and fall of 2025, PingCAP engaged NCC Group to perform a code-assisted security assessment of their cloud-native distributed SQL database, TiDB version 8.5.2. NCC Group's evaluation included a source code review and dynamic testing. The assessment uncovered a set of common application flaws, all of which were rated Low severity.