Sunday 8 February 2026Afternoon Edition

ZOTPAPER

News without the noise

AI & Machine Learning

AI Toy Company Exposed 50,000 Logs of Children's Conversations

Bondu left web console unprotected, allowing anyone with Gmail to access intimate chats between kids and stuffed animals

Nonepaper Staff2 min read
An AI-powered toy company called Bondu left its web console almost entirely unprotected, exposing nearly 50,000 logs of conversations between children and the company's AI-enabled stuffed animals to anyone with a Gmail account.

Security researchers who accessed the unsecured console found intimate details of children's lives—their fears, family situations, and daily routines—all logged and stored without adequate protection.

The stuffed animals, marketed as friendly AI companions for children, record and process conversations to provide interactive responses. But the company apparently failed to implement basic security measures on the backend systems storing this sensitive data.

The exposure raises serious questions about the rush to bring AI products to market, particularly those targeting vulnerable populations like children. Privacy advocates have long warned about the risks of AI toys that listen and record.

Analysis

Why This Matters

Children's conversations contain deeply personal information. This breach exposes the real risks of AI toys that process and store sensitive data.

Background

AI toys have proliferated despite repeated security incidents in the sector.

What to Watch

Regulatory response and whether this prompts stricter oversight of AI products for children.

Sources