# 📊 HiddenMerit Daily · Issue 41
> Focus on Database Frontiers, Practical Insights for DBAs
> June 11, 2026 | 5 Selected Global Breaking News
## 01|Dameng Applies for AI‑Based Database Intelligent O&M Patent: Moving from “Passive Firefighting” to “Self‑Healing” Databases
On June 10, information from the China National Intellectual Property Administration showed that Wuhan Dameng Database Co., Ltd. applied for a patent titled “An AI‑based database intelligent operation and maintenance method and device,” with publication number CN122173469A, filed on February 5, 2026.
Core Technical Approach:
- Multi‑dimensional Data Collection: Collects raw data from different dimensions, including performance metrics, system logs, SQL execution statistics, etc.;
- Feature Integration and Collaborative Analysis: Preprocesses and extracts features for each dimension, integrates multi‑dimensional features within the same time window into feature vectors, performs collaborative analysis to obtain detection results, predicted events, and anomaly events generated based on detection results;
- Root Cause Reasoning: Performs reasoning on anomaly events to determine the root cause leading to the anomaly;
- Self‑healing Execution: Comprehensively analyses anomaly events, predicted events, and root causes, dynamically selects a self‑healing strategy from a preset strategy library, and uses automated scripts to run the self‑healing strategy to restore the database.
The patent comprehensively applies AI technology, aiming to “reduce the time‑consuming and labour‑intensive manual troubleshooting links in traditional O&M, and shorten the average database recovery time.” Dameng, founded in 2000 and listed on the STAR Market in June 2024, is a leading domestic database product development service provider. In 2025, its revenue was RMB 1.306 billion, net profit RMB 515 million, with software product usage authorisation revenue accounting for 92.55% of total revenue.
On the same day, Dameng also published several other patents, including “A database‑based online data editing method and device” (CN122173586A) and “A distributed exploration method and device for multi‑source heterogeneous spatial data in a database” (CN122112099A).
- DBA Perspective: Dameng’s AI intelligent O&M patent represents a paradigm shift in database operations from “passive firefighting” to “active self‑healing.” The traditional DBA work pattern of “monitoring detection → manual troubleshooting → manual repair” has obvious efficiency bottlenecks when facing large‑scale database clusters. The “root cause reasoning + dynamic self‑healing strategy selection” mechanism proposed in Dameng’s patent means that future databases will have “self‑diagnosis” and “self‑repair” capabilities. For DBAs, this means the focus of work will shift from “repetitive troubleshooting” to “strategy library construction” – defining what anomalies trigger what self‑healing strategies, setting circuit‑breaker boundaries for self‑healing operations, and auditing the execution traces of AI self‑healing. At the same time, Dameng’s 2025 net profit of RMB 515 million and 92.55% software authorisation revenue ratio also confirm the business model maturity of leading domestic database vendors.
- CTO Perspective: Dameng’s patent direction of “self‑healing databases” complements the technical approaches of Tencent Cloud’s DatabaseClaw (AI Agent takeover of O&M) and Alibaba Cloud’s PolarDB AI Assistant (natural language O&M) reported in previous issues. Dameng’s chosen “root cause reasoning + self‑healing execution” route focuses more on automation closed loops at the database kernel level, while Tencent Cloud’s route focuses more on collaboration between DBAs and agents. When planning intelligent database O&M systems, CTOs need to weigh the applicable scenarios of the two approaches.
- Investor Perspective: Dameng’s continued patent investment in AI O&M direction one year after its listing is a signal that domestic databases are transitioning from “domestic replacement” to “technology leadership.” The design concept of the “self‑healing strategy library” in the patent essentially productises and makes replicable the expert experience of DBAs, which will lower the O&M barrier for enterprises using domestic databases, thereby accelerating market penetration. Dameng’s 2025 net profit of RMB 515 million and extremely high gross margin also provide strong valuation support for it in the domestic database track.
Source: China National Intellectual Property Administration & Sina Finance
## 02|Tencent Cloud Upgrades Full‑Stack Platform for Agents: DataBuddy + WeData + AI‑Native Foundation, Building Data Infrastructure for the Agent Era
On June 5, Tencent Cloud announced a full‑stack upgrade of its data platform capabilities for agents, building an intelligent entry point, unified control plane, and data foundation for human‑agent collaboration through a three‑layer architecture: production‑grade data agent DataBuddy, data intelligence platform WeData, and AI‑native big data foundation.
Intelligent Entry Point DataBuddy: Users can automatically complete complex tasks such as data modelling, ETL development, task orchestration, attribution analysis, and report generation by stating requirements in natural language. Since opening internal testing in May, it has attracted over 3,000 enterprises to apply for trials. In data engineering scenarios, it can reduce repetitive development workloads by 80% and improve overall R&D efficiency by 5 to 10 times; over 90% of common faults can be automatically diagnosed and repaired.
Unified Control Plane WeData: Through unified metadata, data semantics, orchestration, and permission systems, it connects the entire process of data development, machine learning, and AI applications, improving overall R&D efficiency by over 50% . The unified semantic layer沉淀 metric definitions, business terms, and business rules into assets that agents can understand and invoke, increasing natural language to SQL accuracy to over 90% . WeData also沉淀 industry data models and business semantic systems for sectors such as gaming and retail.
AI‑Native Data Foundation:
- Storage Intelligence: The new storage architecture reduces storage costs to one‑tenth of traditional solutions and improves retrieval performance by 4.5 times;
- Compute Intelligence: The self‑developed Meson engine improves overall performance in TPC‑DS tests by 3.6 times and reduces CPU resource consumption by 50% ; the self‑developed Xpark cross‑modal compute engine improves inference throughput by 3 times compared to open‑source solutions, with GPU utilisation close to 100% ;
- Data Intelligence: A multi‑agent collaboration system composed of SQL Agent, Code Agent, RAG Agent, and Report Agent has been built;
- System Intelligence: Has handled over 100,000 incidents, resource optimisation can reduce resource consumption by 15%, and fault root cause localisation time has been reduced from 4.5 hours to 30 minutes.
Previously, on June 1, Tencent Cloud had announced a comprehensive upgrade of its database product system for agent scenarios, providing AI‑native database services for three major scenarios – agent applications, AI‑assisted programming, and intelligent O&M – and redesigning database products and capability systems with agents as new users.
- DBA Perspective: Tencent Cloud DataBuddy’s “natural language → automated O&M” capability means that over 90% of common faults in DBAs’ daily work can be automatically diagnosed and repaired by AI. The DBA role is evolving from “manual troubleshooting” to “agent policy manager” – defining agent operation boundaries, auditing their execution traces, and triggering circuit breakers during anomalies. WeData’s unified semantic layer improving natural language to SQL accuracy to over 90% also significantly lowers the barrier to self‑service data access, requiring DBAs to establish quality review mechanisms for AI‑generated SQL. At the same time, Tencent Cloud’s comprehensive database upgrade for agent scenarios systemically implements the concept of “taking agents as new users” reported in Issue 39. DBAs should pay special attention to the skill ecosystem of DatabaseClaw (the database AI agent product) – the experience from hundreds of thousands of DBA tickets沉淀 into Skills means DBAs can amplify their O&M capability radius by training agents.
- CTO Perspective: Tencent Cloud’s full‑stack upgrade for agents covers the complete chain from data foundation to intelligent entry point to unified control plane. For CTOs planning data intelligence platform construction, DataBuddy’s 5‑10x R&D efficiency improvement data is highly compelling, WeData’s unified semantic layer is an effective solution to the long‑standing pain point of “inconsistent business metrics,” and Tencent Cloud’s strategic positioning of “taking agents as new users” provides CTOs with a complete blueprint for agent data infrastructure from underlying architecture to upper‑layer applications. The reduction of fault root cause localisation time from 4.5 hours to 30 minutes is a highly attractive efficiency lever for technical teams with limited O&M personnel.
- Investor Perspective: Tencent Cloud’s layout in agent data infrastructure is synergistic with the AI‑Native 3.0 upgrade reported in Issue 39. DataBuddy attracting 3,000 enterprises to apply for trials within one month of launch indicates strong market demand for “AI‑driven data development.” The construction of the multi‑agent collaboration system (SQL Agent, Code Agent, RAG Agent, Report Agent) also means that Tencent Cloud is systematically embedding AI capabilities into every part of its data platform. It is recommended to follow Tencent Cloud’s subsequent commercialisation progress in the AI data platform direction.
Source: IT之家 & Tencent Cloud Developer Community
## 03|Caixin Securities Procures Kingbase Database: Xinchuang Replacement in Broker Core Business Systems Advances
On June 5, the transaction results for the Caixin Securities Solution Strategy and Activity Management System (Database) procurement project were announced. The procurement was for 2 sets of Kingbase Xinchuang databases, with a transaction amount of RMB 198,600 , and the winning supplier was Changsha Changcai Technology Co., Ltd.
The project’s budget was RMB 238,000, procured through competitive bidding, with 3 suppliers participating. Ultimately, Changsha Changcai Technology Co., Ltd. won with a bid of RMB 198,600. The procurement item was “Kingbase Xinchuang database,” to be used for the solution strategy and activity management system.
Following the RMB 8.5 million procurement by CITIC Construction Investment Securities in Issue 36 and CITIC Securities’ CAP account platform procurement of TDSQL in Issue 33, this marks another securities firm advancing Xinchuang database replacement in its core business systems. Caixin Securities is a state‑owned holding securities company in Hunan Province. This procurement signals that regional securities firms are also accelerating the large‑scale deployment of Xinchuang databases.
- DBA Perspective: Caixin Securities’ nearly RMB 200,000 procurement of 2 sets of Kingbase databases, though smaller than the tens‑of‑millions orders from top‑tier brokers, signals that Xinchuang databases are spreading from “pilot at top‑tier brokers” to “mass replication at regional securities firms.” For DBAs, this means the job market for domestic databases is no longer limited to leading institutions; demand for Xinchuang positions at regional financial institutions is being释放. Kingbase’s delivery case at a securities firm’s solution strategy and activity management system provides a reference paradigm for DBAs in the securities industry for domestic replacement.
- CTO Perspective: From top‑tier brokers (CITIC Securities, CITIC Construction Investment Securities) to regional securities firms (Caixin Securities), the penetration of Xinchuang databases in the securities industry is accelerating. Caixin Securities adopted competitive bidding with three suppliers participating, indicating that Kingbase has a mature competitive landscape in the regional securities market. When planning Xinchuang roadmaps in the securities industry, CTOs can refer to this “small steps, fast iteration” procurement model, validating on peripheral systems before advancing to core trading system replacement.
- Investor Perspective: Though the RMB 198,600 procurement amount at Caixin Securities is modest, the fact that three suppliers participated in the competitive bidding and Kingbase ultimately won indicates that Kingbase has formed channel coverage and price competitiveness in the regional securities market. With the Xinchuang transformation of over 100 regional securities firms nationwide advancing, the penetration space for domestic databases in the securities industry will continue to expand.
Source: Caixin Securities Procurement Announcement
## 04|Dajia Insurance Procures TiDB Database: Another “TiDB Sample” for Insurance Industry Xinchuang
On June 9, Dajia Insurance Group announced the winning candidate list for its “2026 Domestic Database (TiDB) Expansion Project.” The procurement covers an estimated 12 nodes of TiDB database software licences, with the products required to adapt to Kunpeng and Hygon servers and the Kylin V10 operating system, under a three‑year framework contract. The first winning candidate was Beijing Tianyi Haobo Technology Co., Ltd., with a total tax‑inclusive bid of RMB 981,600.00 ; the second was Sichuan Rongke Zhilian Technology Co., Ltd. (RMB 990,000); the third was VSTECS (Chongqing) Technology Co., Ltd. (RMB 994,800).
Following PICC Technology’s bulk procurement of GaussDB, OceanBase, and Dameng databases reported in Issue 28, this is another important implementation case for insurance industry Xinchuang. Dajia Insurance’s choice of TiDB over traditional centralised databases reflects the diversification trend in insurance industry Xinchuang selection – distributed databases are becoming an important option for insurance core systems.
- DBA Perspective: Dajia Insurance’s procurement of 12 TiDB nodes, adapted to Kunpeng/Hygon servers and the Kylin V10 operating system, is a large‑scale implementation case of a domestic distributed database in the insurance industry. For DBAs, this means that full‑stack Xinchuang skills of “distributed database + domestic chips + domestic OS” are becoming a core requirement in the insurance industry. TiDB, as an open‑source distributed database, has a technology stack compatible with MySQL, allowing DBAs to smoothly transition from MySQL to TiDB, but they need to additionally learn new skills such as distributed transactions, data sharding, and cross‑node query optimisation.
- CTO Perspective: Dajia Insurance’s choice of TiDB with a three‑year framework contract indicates that the insurance industry’s acceptance of distributed databases is increasing. TiDB’s characteristics of “MySQL compatibility + horizontal scaling + strong consistency” are particularly suitable for the mixed workload scenarios of high concurrency, massive data, and real‑time analytics in the insurance industry. The procurement terms explicitly requiring adaptation to Kunpeng/Hygon servers and the Kylin V10 operating system indicate that full‑stack Xinchuang adaptation has become a hard requirement in insurance industry procurement.
- Investor Perspective: Dajia Insurance’s nearly RMB 1 million procurement of 12 TiDB nodes is further evidence of domestic distributed database penetration in the insurance industry. As an open‑source database, the ecosystem value of TiDB’s commercialisation company, PingCAP, is reflected in this case. The insurance industry’s evolution from centralised to distributed architecture will open new incremental markets for domestic distributed database vendors.
Source: Dajia Insurance Group Procurement Announcement
## 05|Weekly Security Recap: Chanjet CRM SQL Injection, migration‑planner Vulnerability, Oracle Multi‑Product High‑Risk Vulnerabilities Continue to Develop
Multiple security vulnerabilities were intensively disclosed this week. Enterprises need to assess risks promptly:
CVE-2026-11456 (Chanjet CRM SQL Injection) : Affects Chanjet CRM 1.0. The vulnerability is located in the /tools/jxf_dump_systable.php file, with the gblOrgID parameter having an SQL injection vulnerability. Remotely exploitable, public PoC exists, rated as “Critical” by VulDB. Exploit code has been publicly released on GitHub. Affected users should upgrade immediately.
CVE-2026-53474 (migration‑planner SQL Injection) : Affects migration‑planner versions up to 0.13.4. An SQL injection vulnerability has been found, remotely exploitable. Version 0.13.5 has fixed this issue. Affected users are advised to upgrade immediately.
Oracle May CSPU High‑Risk Vulnerabilities Continue to Develop:
- CVE-2026-46840 (CVSS 10.0): Oracle REST Data Services’ Backend‑as‑a‑Service component, allowing an unauthenticated attacker to fully compromise the system via HTTPS.
- CVE-2026-46833 (CVSS 9.0): Oracle Database Server’s Net Service component, affecting versions 23.4.0 to 23.26.2, can lead to full takeover of Net Service; attack may impact other products.
- CVE-2026-46775/CVE-2026-46839 (CVSS 9.9): Oracle REST Data Services’ Core components, allowing a low‑privilege attacker to fully control REST Data Services.
- CVE-2026-46817 (CVSS 9.8): Oracle E‑Business Suite’s Oracle Payments component, allowing an unauthenticated attacker to fully compromise the system via HTTP.
- CVE-2026-34311 (CVSS 9.8): Oracle Hospitality OPERA 5 Property Services, allowing an unauthenticated attacker to fully compromise the system.
- CVE-2026-2332 (CVSS 9.1): Oracle REST Data Services’ Core (Eclipse Jetty) component, could lead to unauthorised creation, deletion, modification, and reading of critical data.
- CVE-2026-33557 (CVSS 9.1): Oracle Communications Unified Assurance’s Message Bus (Apache Kafka) component, could lead to unauthorised creation, deletion, modification, and reading of critical data.
The Cyber Security Agency of Singapore (CSA) issued an urgent alert on June 3, recommending that users and administrators of affected products update to the latest versions immediately. The Taipei Second District Network Center also issued a vulnerability warning concurrently.
- DBA Perspective: The Chanjet CRM SQL injection vulnerability once again warns that enterprise applications (CRM, ERP, etc.) are often the “front door” to database security – after attackers breach through application‑layer SQL injection, they can directly reach the database core. DBAs are advised to work with security teams to conduct specialised security audits of application‑layer components with “database read/write privileges,” such as CRMs and low‑code platforms. The migration‑planner SQL injection vulnerability reminds DBAs that even non‑production migration tools can become a springboard for attackers into the internal network. The密集 disclosure of multiple Oracle vulnerabilities with CVSS scores above 9.0 means that Oracle DBAs face a “high‑intensity patch cadence.” CVE-2026-46840, with a CVSS 10.0 perfect score, is particularly值得警惕 – as the REST API gateway for Oracle databases, a vulnerability in REST Data Services allows an attacker to directly penetrate the application layer and reach the database core. The affected versions cover most current Oracle 23ai and ORDS deployments. DBAs must immediately assess affected versions and set the CSPU patch to P0 priority.
- CTO Perspective: The密集 disclosure of multiple CVEs this week covers the full chain from enterprise applications (Chanjet CRM) and migration tools (migration‑planner) to commercial databases (Oracle). This reminds CTOs that a full‑chain “application layer → middleware → database layer” security audit mechanism must be established. The CSA’s urgent alert indicates that regulators have designated the relevant Oracle vulnerabilities as high‑priority处置 objects. Enterprises should promptly assess affected assets and schedule patch windows.
- Investor Perspective: The continued exposure of enterprise application‑layer SQL injection vulnerabilities will drive enterprise customers to increase procurement of API security scanning and Web application firewalls. Oracle’s rising security maintenance costs may push enterprise customers to evaluate cloud‑native and open‑source alternatives. Service providers offering DAST, SAST, and interactive application security testing will see sustained demand growth in enterprise security budgets.
Source: VulDB, CSA Singapore, Taipei Second District Network Center
## 📚 SQL Little Knowledge Point
This Issue’s Knowledge Point: What is Database “Self‑Healing”?
Database “self‑healing” refers to the ability of a database system to automatically diagnose root causes and execute repair operations when detecting anomalies or failures, without human intervention.
The Self‑Healing Process in Dameng’s Patent:
1. Multi‑dimensional Collection: Collects multi‑dimensional data such as performance metrics, system logs, SQL statistics, etc.;
2. Collaborative Analysis: Integrates multi‑dimensional features into feature vectors, performs collaborative analysis to obtain detection results, predicted events, and anomaly events;
3. Root Cause Reasoning: Performs reasoning on anomaly events to determine the root cause leading to the anomaly;
4. Self‑healing Execution: Dynamically selects a self‑healing strategy from a strategy library and uses automated scripts to execute recovery.
Difference Between “Self‑Healing” and “Traditional Automation”:
- Traditional Automation: Based on fixed rules (e.g., “restart if CPU > 90%”), lacking contextual understanding;
- AI Self‑Healing: Based on root cause reasoning, can understand whether “CPU increase is due to a missing index on a certain SQL” or “due to hardware failure,” thus selecting different self‑healing strategies (add index vs. failover).
Value for DBAs:
- Shortens mean time to recovery (MTTR);
- Reduces repetitive manual troubleshooting work;
-沉淀 expert experience into a reusable strategy library.
Dameng’s “An AI‑based database intelligent operation and maintenance method and device” patent (CN122173469A) is a typical exploration in this direction.
> HiddenMerit Team Production
> Slogan: 绩优隐于内,金石启新程 | Hidden deep. Merit bold. Forge ahead.
No comments yet