San Francisco, Jan 30, 2026, 01:59 (PST)
- Researchers revealed a Bondu web console flaw that allowed any Google account to access children’s chat transcripts and profile information
- Bondu reported resolving the problem within hours and found no signs of access outside the research team
- The revelation increases scrutiny on AI-powered toys that save kids’ chats to the cloud
Bondu, the maker of AI chat-enabled stuffed toys for kids, restricted access to an online console after researchers discovered it allowed anyone with a Gmail account to view transcripts of children’s conversations and personal information. The company told the researchers that over 50,000 chat logs were exposed via the portal but said it found no signs of access beyond the researchers themselves. 1
The episode arrives amid a wave of companies integrating large language models—AI that crafts text from prompts—into kids’ products, usually alongside parent apps and cloud dashboards. This setup opens the door to a rich stash of personal data and expands the potential points for leaks.
Parents like the idea: a screen-free toy that talks, recalls favorites, and adjusts accordingly. The problem? That “memory” usually means a database—and when security slips, it’s usually dull until suddenly it’s not.
Researchers traced the problem to an exposed admin panel on a Bondu domain whose “Login with Google” button did not require a company-specific account. That gave them access to “tens of thousands of sessions” containing conversation transcripts, along with kids’ names and birth dates, family member information, preferences, device details, and even controls to update firmware and reboot devices. 2
Security researcher Joseph Thacker revealed in a blog post that the panel was basically open to “anyone with a Google account.” He noted the backend relied on OpenAI’s GPT-5 and Google’s Gemini. On top of that, an IDOR flaw—a bug letting attackers fetch another user’s record by tweaking an ID number—made it possible to access any child’s profile simply by guessing their identifier. 3
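The two checks the reporting above describes as missing, shown as an added illustration rather than Bondu's own code: a login handler that accepts any Google identity beside one that also enforces an operator allowlist, and a record lookup keyed on the id alone beside one that checks who is asking. The allowlist, the sample profiles and the claim fields are assumptions constructed for the example.

```python
"""
Added example, not Bondu's code: authentication versus authorization on an
OAuth-style admin login, and an object-level check that closes an IDOR.
Account names and records below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: child profiles keyed by numeric id, each with the
# parent account that owns the record.
PROFILES = {
    1001: {"owner": "parent-a@example.com", "name": "Child A"},
    1002: {"owner": "parent-b@example.com", "name": "Child B"},
}

# Assumed operator allowlist: the only accounts permitted on the admin console.
ADMIN_ALLOWLIST = {"ops@bondu.example"}


@dataclass
class GoogleClaims:
    """Minimal subset of an OpenID Connect ID token, after signature verification."""
    email: str
    email_verified: bool
    hd: Optional[str] = None  # hosted domain for Workspace accounts, absent otherwise


def vulnerable_admin_login(claims: GoogleClaims) -> bool:
    """Authentication only: any verified Google identity is admitted.
    This is the shape of the weakness described in the article."""
    return claims.email_verified


def hardened_admin_login(claims: GoogleClaims, allowlist=ADMIN_ALLOWLIST) -> bool:
    """Authentication plus authorization: the verified email must also be on
    an explicit allowlist. Proving you are *a* Google user is not the same as
    proving you are an operator."""
    if not claims.email_verified:
        return False
    return claims.email.lower() in allowlist


def vulnerable_get_profile(profile_id: int) -> Optional[dict]:
    """IDOR: looks up by id alone and never asks who is requesting,
    so any caller can walk the id space."""
    return PROFILES.get(profile_id)


def hardened_get_profile(requester: str, profile_id: int,
                         is_admin: bool = False) -> Optional[dict]:
    """Object-level authorization: the record is returned only to its owner
    or to an authorized admin. A missing record and a forbidden one look the
    same to the caller, so probing ids reveals nothing about which exist."""
    record = PROFILES.get(profile_id)
    if record is None:
        return None
    if is_admin or record["owner"] == requester:
        return record
    return None
```

Note that `is_admin` in the hardened lookup should be derived from the allowlist decision in `hardened_admin_login`, not from anything the client sends; the split into two functions is only to keep each check readable.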
Bondu’s CEO, Fateen Anam Rafid, stated that security patches were “completed within hours” and that the company found no signs of any access beyond what the researchers observed. Researcher Joel Margolis didn’t mince words, calling it “a kidnapper’s dream.” The report noted Bondu uses third-party enterprise AI services but is working to limit the data sent for processing. 4
Bondu’s privacy policy, effective Sept. 16, 2025, states that children’s voice data is converted to text instantly and “not retained,” although text transcripts might be stored. The policy also includes a San Francisco address for the company. It outlines the collection of device and location data necessary for setup and maintaining connectivity. 5
In the U.S., the FTC’s COPPA rule requires online services aimed at kids under 13 to limit data collection and ensure children’s information stays confidential and secure. Industry voices reacting to the Bondu leak suggested it might ramp up discussions about whether existing safeguards are enough for AI companions designed for children. 6
The real question is what cannot be confirmed from outside: how long the console was left exposed, and whether its access logs would have recorded every visitor had someone other than the researchers been looking. Even a quickly secured portal carries the risk that one weak password or a misconfigured permission could reopen the same door.
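What a defender would actually do with those access logs, as an added example that is not part of the original report or Bondu's tooling: a review pass over constructed JSON-lines audit events that flags logins from accounts outside the operator allowlist, events with no attributed actor (the gap that makes "who else looked" unanswerable), and one actor reading consecutive profile ids, the pattern an IDOR walk leaves behind. The log format, field names and allowlist are assumptions.

```python
"""
Added example, not Bondu's code: reviewing admin-console audit logs for the
signals that matter after an exposure like the one reported above.
The log lines and the allowlist are constructed for illustration.
"""
import json
from collections import Counter

# Constructed sample audit events (JSON lines); not real Bondu logs.
SAMPLE_LOG = """\
{"ts": "2026-01-28T10:00:01Z", "actor": "ops@bondu.example", "action": "login"}
{"ts": "2026-01-28T10:00:05Z", "actor": "ops@bondu.example", "action": "read_profile", "profile_id": 1001}
{"ts": "2026-01-28T11:12:40Z", "actor": "someone@gmail.com", "action": "login"}
{"ts": "2026-01-28T11:12:44Z", "actor": "someone@gmail.com", "action": "read_profile", "profile_id": 1001}
{"ts": "2026-01-28T11:12:45Z", "actor": "someone@gmail.com", "action": "read_profile", "profile_id": 1002}
{"ts": "2026-01-28T11:12:46Z", "action": "read_profile", "profile_id": 1003}
"""

# Assumed operator allowlist for the console.
ADMIN_ALLOWLIST = {"ops@bondu.example"}


def review_console_log(text: str, allowlist=ADMIN_ALLOWLIST) -> dict:
    """Return three findings from a JSON-lines audit log:
    - unlisted_actors: Counter of events per actor not on the allowlist
    - unattributed_events: events that carry no actor at all, i.e. the log
      could not tell you who did this
    - sequential_reads: (actor, previous_id, id) triples where one actor read
      profile ids in ascending steps of one, the signature of id enumeration
    """
    findings = {
        "unlisted_actors": Counter(),
        "unattributed_events": 0,
        "sequential_reads": [],
    }
    last_read = {}  # actor -> last profile_id that actor read

    for raw in text.splitlines():
        if not raw.strip():
            continue
        event = json.loads(raw)
        actor = event.get("actor")
        if actor is None:
            findings["unattributed_events"] += 1
            continue
        if actor not in allowlist:
            findings["unlisted_actors"][actor] += 1
        if event.get("action") == "read_profile":
            pid = int(event["profile_id"])
            prev = last_read.get(actor)
            if prev is not None and pid == prev + 1:
                findings["sequential_reads"].append((actor, prev, pid))
            last_read[actor] = pid
    return findings


if __name__ == "__main__":
    for key, value in review_console_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The unattributed-event count is the one to watch after an incident: if the console ever served a request without binding it to an identity, no amount of later log review can prove that nobody else read the transcripts.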
Bondu promotes its toys by highlighting safety features and a parent companion app that lets families monitor and control their child’s interactions. The breach undermines that message and will probably raise fresh concerns about whether these AI-driven toys are truly built with the security they promise. 7