A bipartisan group of lawmakers is asking questions about the inner workings of digital advertising amid worries the industry’s user-targeting capabilities could pose a threat to national security.

When anyone loads a webpage, a digital-ad auction occurs in seconds to determine which personalized ads the person will see. During that auction, the user’s personal data—including location, browsing history and demographic details—may be sent to hundreds of companies bidding on the ad slots. The barriers to join these auctions are low, and any company participating in the auction can access user information without having to bid.

On Friday, a group of U.S. senators led by Senate Finance Committee Chairman Ron Wyden (D., Ore.) sent a letter to the largest companies running these auctions— AT&T Inc., Index Exchange Inc., Alphabet Inc.’s Google, Magnite Inc., OpenX Software Ltd., PubMatic Inc., Twitter Inc. and Verizon Communications Inc. —asking them what steps they take to make sure companies joining the auctions do so for the sole purpose of buying ad slots.

They also asked the companies to provide the names of all foreign clients who had access to user data through auctions over the past three years.

“As Congress debates potential federal privacy legislation, we must understand the serious national security risks posed by the unrestricted sale of Americans’ data to foreign companies and governments,” the senators said in the letter, a copy of which was reviewed by The Wall Street Journal. Beyond Sen. Wyden, the letter was signed by Sens. Kirsten Gillibrand (D., N.Y.), Sherrod Brown (D. Ohio), Bill Cassidy (R., La.), Mark Warner (D., Va.) and Elizabeth Warren (D., Mass.).