Bondu AI toy leak: 50,000 kids’ chat logs were visible to anyone with a Gmail login

January 30, 2026
San Francisco, Jan 30, 2026, 01:59 (PST)

  • Researchers said a Bondu web console let any Google account view children’s chat transcripts and profile data
  • Bondu said it fixed the issue within hours and saw no evidence of access beyond the researchers
  • The exposure adds pressure on AI-enabled toys that store children’s conversations in the cloud

Bondu, which sells AI chat-enabled stuffed animals for children, tightened access to an online console after researchers found it let anyone with a Gmail account browse transcripts of kids’ conversations and personal details. The company confirmed to the researchers that more than 50,000 chat transcripts were accessible through the portal and said it found no evidence of access beyond the researchers involved. (WIRED)

The episode lands as companies push large language models — AI systems that generate text from prompts — into children’s products, often paired with parent apps and cloud dashboards. That creates a tempting trove of intimate data, and it widens the number of places it can leak.

For parents, the appeal is simple: a screen-free toy that chats, remembers preferences, and adapts. The catch is that the “memory” is often a database, and security failures tend to be boring until they aren’t.

The researchers traced the issue to an exposed admin panel tied to a Bondu domain whose “Login with Google” button accepted any Google account rather than restricting sign-in to company operators, they said. From there, they could access “tens of thousands of sessions” of conversation transcripts, plus children’s names and birth dates, family member names, preferences, device data and even controls to update firmware and reboot devices. (The Cyber Express)

In a blog post detailing the work, security researcher Joseph Thacker said the panel effectively sat open to “anyone with a Google account.” He also wrote that the backend used OpenAI’s GPT-5 and Google’s Gemini, and that a second flaw, an insecure direct object reference (IDOR), allowed access to any child’s profile data by guessing an identifier: the server looked up whatever record ID the client supplied without checking that the caller was entitled to that record. (Josephthacker)
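The two failures described above, sign-in treated as authorization and a record lookup that never checks ownership, are shown below as an added illustration in Python. This is not Bondu’s code (the researchers did not publish it) and everything in it is assumed: the claim fields mirror a Google ID token that is taken as already signature-verified, and the operator allowlist, hosted domain and child records are constructed sample data.

```python
"""Added example, not code from Bondu or the researchers.

Two checks the reported flaws suggest were missing: (1) an admin console
that accepted any Google sign-in, and (2) an IDOR on child profiles.
All names, domains and records below are assumed/constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional
import uuid


@dataclass(frozen=True)
class Claims:
    """Subset of a Google ID token. Assumed already signature-verified;
    the point here is what a server does with the verified claims."""
    sub: str
    email: str
    email_verified: bool
    hd: Optional[str] = None  # hosted domain; absent for consumer gmail.com


# Constructed operator allowlist: who may open the admin console at all.
ADMIN_ALLOWLIST = frozenset({"ops@example.com"})
ADMIN_HOSTED_DOMAIN = "example.com"  # assumed company Workspace domain


def console_login_weak(claims: Claims) -> bool:
    """The failure mode the article describes: a valid Google sign-in is
    treated as authorization, so any Gmail account gets in."""
    return bool(claims.sub)


def console_login_hardened(claims: Claims) -> bool:
    """Authentication is not authorization. Require a verified address on
    the operator allowlist and, as a second check, a Workspace account on
    the company domain (the hd claim is missing for consumer accounts)."""
    if not claims.email_verified:
        return False
    if claims.hd != ADMIN_HOSTED_DOMAIN:
        return False
    return claims.email.lower() in ADMIN_ALLOWLIST


@dataclass(frozen=True)
class Child:
    child_id: str
    parent_id: str
    name: str


# Constructed records. Sequential IDs make enumeration trivial.
CHILDREN: Dict[str, Child] = {
    "1": Child("1", "parent-a", "Alice"),
    "2": Child("2", "parent-b", "Bob"),
}


def get_child_weak(child_id: str) -> Optional[Child]:
    """IDOR: the record is returned for whatever ID the client sends;
    the caller's identity is never compared to the record."""
    return CHILDREN.get(child_id)


def get_child_hardened(requester_parent_id: str, child_id: str) -> Optional[Child]:
    """Object-level authorization: the lookup is scoped to the caller's
    own account, so guessing another family's child ID yields nothing.
    'Missing' and 'not yours' get the same answer to avoid leaking
    which IDs exist."""
    child = CHILDREN.get(child_id)
    if child is None or child.parent_id != requester_parent_id:
        return None
    return child


def mint_child_id() -> str:
    """Defense in depth, not a substitute for the ownership check:
    random identifiers cannot be walked with a counter."""
    return str(uuid.uuid4())


def enumerate_profiles(lookup: Callable[[str], Optional[Child]],
                       id_range: Iterable[int]) -> List[str]:
    """Simulate the guessing attack: walk a range of IDs through a
    lookup function and collect every name that comes back."""
    names = []
    for i in id_range:
        child = lookup(str(i))
        if child is not None:
            names.append(child.name)
    return names


if __name__ == "__main__":
    gmail = Claims("1", "attacker@gmail.com", True, None)
    print("weak console login:", console_login_weak(gmail))
    print("hardened console login:", console_login_hardened(gmail))
    print("weak enumeration:", enumerate_profiles(get_child_weak, range(1, 5)))
    print("hardened enumeration as parent-a:",
          enumerate_profiles(lambda c: get_child_hardened("parent-a", c), range(1, 5)))
```

Run stand-alone, the weak path admits the consumer Gmail account and returns every child in the ID range, while the hardened path rejects the login and, even for a logged-in parent, only returns that parent’s own child.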

Bondu’s CEO, Fateen Anam Rafid, said in a statement that security fixes were “completed within hours” and that the company found no evidence of access beyond what the researchers viewed. Researcher Joel Margolis warned of the downside in blunt terms, saying, “This is a kidnapper’s dream,” and the report said the company uses third-party enterprise AI services while taking steps to limit what is sent for processing. (NewsBytes)

Bondu’s privacy policy, effective Sept. 16, 2025, says children’s voice data is converted to text in real time and “not retained,” while text transcripts may be retained, and it lists a San Francisco address for the company. The policy also describes collection of device and location-related information used to set up and keep the product connected. (bondu)

In the United States, the FTC’s COPPA rule sets out requirements for online services directed to children under 13, including limits on collection and obligations around the confidentiality and security of children’s data. Industry commentary around the Bondu exposure said the incident could intensify debate over whether current guardrails are keeping pace with AI companions built for kids. (Federal Trade Commission)

But the key uncertainty is what cannot be proved from the outside: how long the console was exposed, and whether the company had audit logging in place that would reliably record every visit if someone other than the researchers came looking. Even when a portal is secured quickly, the underlying risk remains that a single weak credential or mis-set permission can reopen the same door.

Bondu markets the toys around safety features and a parent companion app that lets families review and manage their child’s interactions. The breach undercut that pitch, and it is likely to sharpen questions about whether new AI toys are being shipped with security work that matches their claims. (bondu)
