Web portal leaves kids’ chats with AI toy open to anyone with Gmail account
Summary
Ars Technica (via WIRED) reports a severe security flaw in Bondu’s AI-enabled toy portal: transcripts from children's chats were exposed to anyone with a Gmail account due to a public-facing console. Researchers found over 50,000 chat transcripts plus personal details, prompting Bondu to secure the portal and implement stronger protections. The incident highlights critical privacy and security risks in AI-enabled consumer devices and the need for robust access controls and data governance when deploying AI in toys and IoT devices.