AI Toy Exposed 50,000 Kids' Private Chats to Anyone

A Gmail account. That's all it took to access the private thoughts, fears, and dreams of thousands of children.

Security researcher Joseph Thacker discovered this unsettling reality when his neighbor asked him to check out Bondu, an AI-powered dinosaur toy she'd pre-ordered for her kids. Within minutes of logging into the company's web portal with an arbitrary Google account, Thacker and colleague Joel Margolis found themselves staring at 50,000+ intimate conversations between children and their AI companion.

No hacking required. No sophisticated tools. Just a simple login that opened the digital diary of an entire generation.

The Anatomy of a Privacy Nightmare

What the researchers found wasn't just data—it was the raw material of childhood itself. Children's names, birthdates, family members, favorite snacks, and dance moves. But most disturbing were the detailed transcripts of every conversation a child had ever had with their Bondu toy.

These weren't casual exchanges. Bondu is designed to be an AI-powered "imaginary friend," the kind of companion that children confide in with their deepest thoughts. The toy stores every interaction to create more personalized responses, building an increasingly detailed psychological profile of each child.

"It felt pretty intrusive and really weird to know these things," Thacker says. "Being able to see all these conversations was a massive violation of children's privacy."

When alerted to the breach, Bondu acted swiftly, taking down the console within minutes. CEO Fateen Anam Rafid stated that security fixes "were completed within hours" and that the company "found no evidence of access beyond the researchers involved."

The Bigger Picture: When AI Safety Meets Security Failure

The Bondu incident reveals a troubling paradox in the AI toy industry. While companies focus intensely on preventing inappropriate conversations—Bondu even offers a $500 bounty for reports of unsuitable responses—they may be neglecting fundamental cybersecurity.

Recent concerns about AI toys have centered on content safety. NBC News reported last month that AI toys provided detailed sexual explanations, knife-sharpening tips, and even echoed Chinese government propaganda, claiming Taiwan was part of China.

Bondu appears to have invested heavily in content moderation, boasting that "no one has been able to make it say anything inappropriate" in over a year. Yet simultaneously, it left every user's sensitive data completely exposed.

"This is a perfect conflation of safety with security," Thacker observes. "Does 'AI safety' even matter when all the data is exposed?"

The Hidden Data Pipeline

The researchers discovered that Bondu uses Google's Gemini and OpenAI's GPT models, potentially sharing children's conversations with these tech giants. While Rafid states the company uses "contractual and technical controls" and operates under "enterprise configurations where providers state prompts/outputs aren't used to train their models," questions remain about data handling.

This reveals a broader issue: AI toy companies often rely on third-party AI services, creating complex data-sharing relationships that parents may not fully understand. Each additional party in the chain represents another potential point of failure.

Margolis and Thacker also suspect the vulnerable console was "vibe-coded"—created using generative AI programming tools that often introduce security flaws. This suggests a troubling irony: companies using AI to build AI products may be inadvertently creating new vulnerabilities.

The Kidnapper's Dream

"To be blunt, this is a kidnapper's dream," Margolis warns. "We're talking about information that could let someone lure a child into a really dangerous situation, and it was essentially accessible to anybody."

The exposed data included not just conversation transcripts but behavioral patterns, emotional triggers, and family dynamics—a comprehensive psychological profile of each child. In the wrong hands, such information could enable sophisticated manipulation or abuse.

Even with the immediate security fix, broader questions remain: How many employees at AI toy companies have access to this data? How is their access monitored? How secure are their credentials?

"All it takes is one employee to have a bad password, and then we're back to the same place we started," Margolis notes.

The question isn't whether AI toys will become more prevalent—they will. The question is whether we can build them without turning childhood into a data collection exercise.