Security researchers Joseph Thacker and Joel Margolis found that Bondu's AI dinosaur toys left over 50,000 chat logs completely exposed to anyone with a Gmail account. No hacking required. Just log in with any Google account and read through private conversations between toddlers and their stuffed animals. The exposed data included children's names, birth dates, family member names, parental objectives for the child, and full transcripts of every conversation. Kids told these toys their favourite snacks, their secrets, what makes them happy or scared. All of it sat on a web portal anyone could access.
Thacker's neighbour had pre-ordered a couple of Bondus for her kids. She asked him about the AI chat feature because she knew he researched child safety and AI. He checked and found the security hole within minutes. When he and Margolis alerted Bondu, the company took the console down immediately and fixed it the next day. Bondu CEO Fateen Anam Rafid said the fixes were completed within hours and that the company found no evidence of unauthorised access beyond the researchers. The company hired a security firm to validate the investigation and monitor its systems going forward.
The researchers didn't keep copies of the data except a few screenshots to verify what they found. But what they saw raises bigger questions than just Bondu's mistake. AI toys keep detailed histories of every chat to make the next conversation better. Bondu auto-deleted audio after a short time but stored written transcripts permanently unless parents manually deleted them. Even with proper authentication now in place, this data sits on company servers where employees can access it. One weak password and it's exposed again. Margolis stated: "This is a kidnapper's dream. We're talking about information that lets someone lure a child into a really dangerous situation, and it was essentially accessible to anybody."
The researchers also noticed Bondu appears to use Google's Gemini and OpenAI's GPT-5, meaning children's conversations may be shared with those companies. Bondu confirmed it uses third-party AI services to generate responses and run safety checks, which requires transmitting conversation content for processing. The company said it minimises what gets sent and operates under enterprise configurations where providers claim prompts aren't used to train models. Thacker and Margolis suspect the unsecured console was built using AI coding tools, which often introduce security flaws. Bondu didn't respond when asked if the console was programmed with AI.
Most warnings about AI toys focus on inappropriate content. NBC News reported in December that AI toys gave detailed explanations of sexual terms, knife-sharpening tips, and echoed Chinese government propaganda claiming Taiwan is part of China. Bondu actually tried to prevent this. The company offers a $500 bounty for reports of inappropriate responses. Their website claims no one has collected the bounty in over a year because the toy can't be made to say anything inappropriate. But safety features don't matter when the data is wide open. Thacker and Margolis found Bondu protecting the conversation content while leaving the entire database accessible to strangers. Before investigating Bondu, Thacker had considered buying AI toys for his own children. After seeing the exposure firsthand, he changed his mind completely.
You shouldn't buy internet-connected toys for your children. Bondu isn't an outlier. Every connected toy that chats with kids stores that data somewhere, and you have no meaningful control over who accesses it or how it's protected. The company can promise enterprise-grade security in their privacy policy while leaving everything accessible through a Gmail login. You won't know until researchers stumble across it or someone worse finds it first. Internet-connected devices for children prioritise features over security because security doesn't sell units. These companies move fast, often using AI to generate code, and ship products before properly testing whether they've created massive privacy holes. Bondu got caught. How many haven't?
If you already own one of these toys, you have options. Disconnect it from Wi-Fi so it functions as a regular stuffed animal without uploading conversations. Delete stored chat histories from the company's servers. Replace it with a toy that doesn't require internet connectivity. Checking privacy settings and leaving the internet connection active doesn't solve the problem. Every conversation still routes through company servers where employees, contractors, and anyone who compromises an account can access it. Talking to your kids about what they share with the toy misses the point. They're children. They shouldn't need operational security training to play safely with a stuffed dinosaur.
Thacker and Margolis found this vulnerability in minutes. They weren't looking for sophisticated exploits or zero-day attacks. They logged in with a Google account and immediately saw 50,000 chat transcripts. That's not a security failure. That's not caring about security in the first place while marketing products as safe for toddlers.
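The failure described above is the gap between authentication and authorization: "sign in with Google" proves who someone is, but says nothing about whether they are allowed to read transcripts. The following is an added illustration, not Bondu's code and not based on any knowledge of their console; the token strings, e-mail addresses, domain and role table are constructed for the example. The weak check treats any verified Google identity as an operator (the pattern that would make a console readable with any Gmail account); the hardened check adds an explicit, deny-by-default allowlist with roles, requires a verified e-mail and the organisation's hosted-domain claim, and records every denied attempt so that probing shows up in the logs.

```python
"""Authentication is not authorization: an added, constructed example.

The claims below stand in for what a real verifier (for example
google.oauth2.id_token.verify_oauth2_token) would return after checking a
Google ID token's signature and audience. They are inline so the example
runs offline; nothing here is Bondu's code or data.
"""

# Constructed sample: token string -> verified claims. Consumer Gmail accounts
# carry no "hd" (hosted domain) claim; Workspace accounts do.
VERIFIED_CLAIMS = {
    "tok-operator": {"sub": "1001", "email": "support@example-toyco.test",
                     "email_verified": True, "hd": "example-toyco.test"},
    "tok-stranger": {"sub": "2002", "email": "someone@gmail.com",
                     "email_verified": True},
    "tok-unverified": {"sub": "3003", "email": "support@example-toyco.test",
                       "email_verified": False, "hd": "example-toyco.test"},
    "tok-intern": {"sub": "4004", "email": "intern@example-toyco.test",
                   "email_verified": True, "hd": "example-toyco.test"},
}

ORG_DOMAIN = "example-toyco.test"            # hypothetical organisation domain
TRANSCRIPT_READERS = {                       # explicit allowlist: email -> role
    "support@example-toyco.test": "support",
}
ROLES_THAT_MAY_READ = {"support", "admin"}   # deny everything else by default

DENIED_ATTEMPTS = []  # in-memory audit trail of refused requests


def verify_google_token(token):
    """Stand-in for real ID-token verification. Returns claims or None."""
    return VERIFIED_CLAIMS.get(token)


def weak_can_read_transcripts(token):
    """The mistake: a valid Google identity is treated as an operator."""
    return verify_google_token(token) is not None


def hardened_can_read_transcripts(token):
    """Authenticate, then authorize against an explicit policy; log denials."""
    claims = verify_google_token(token)
    if claims is None:
        _deny("no-valid-token", token)
        return False
    if not claims.get("email_verified"):
        _deny("email-not-verified", claims["email"])
        return False
    # Defence in depth: consumer accounts never carry the org's hd claim.
    if claims.get("hd") != ORG_DOMAIN:
        _deny("outside-org-domain", claims["email"])
        return False
    role = TRANSCRIPT_READERS.get(claims["email"])
    if role not in ROLES_THAT_MAY_READ:
        _deny("not-on-allowlist", claims["email"])
        return False
    return True


def _deny(reason, subject):
    """Record a refused access so that probing is visible to defenders."""
    DENIED_ATTEMPTS.append({"reason": reason, "subject": subject})


def denial_reasons():
    """Return the reasons logged so far, in order (useful for detection)."""
    return [d["reason"] for d in DENIED_ATTEMPTS]


if __name__ == "__main__":
    for tok in ("tok-operator", "tok-stranger", "tok-unverified",
                "tok-intern", "tok-bogus"):
        print(tok, "weak:", weak_can_read_transcripts(tok),
              "hardened:", hardened_can_read_transcripts(tok))
    print("denied:", denial_reasons())
```

The point of the two functions side by side is that both "work" in a demo: an operator logs in and sees transcripts either way. Only the hardened version refuses the stranger with an ordinary Gmail account, the unverified address and the employee who is simply not on the allowlist, and only it leaves a record of those refusals for someone to notice.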
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
FAQ
What did Bondu expose?
Bondu left over 50,000 chat logs accessible to anyone with a Gmail account. The exposed data included children's names, birth dates, family member names, and full transcripts of every conversation kids had with their AI toys.
How did researchers find the security hole?
Security researchers Joseph Thacker and Joel Margolis logged in with a Google account and immediately saw 50,000 chat transcripts. No hacking required. They found the vulnerability within minutes of checking.
Did Bondu fix the problem?
Bondu took the console down immediately after being alerted and fixed it the next day. The company hired a security firm to validate the investigation. Even with proper authentication now in place, the data still sits on company servers where employees can access it.
Are other AI toys safe?
No. Every connected toy that chats with kids stores data on company servers. You have no meaningful control over who accesses it or how it's protected. Companies prioritise features over security because security doesn't sell units.
What should parents do?
Don't buy internet-connected toys for your children. If you already own one, throw it out. Checking privacy settings doesn't solve the problem that every conversation routes through company servers where anyone who compromises an account can access it.
