A stuffed dinosaur toy built for children’s conversations became the center of a serious privacy warning after researchers found that its web portal exposed highly sensitive chat records. The toy, called Bondu, offered an AI chat feature meant to let children talk with it like a machine-learning-enabled imaginary friend.
According to the source article, security researchers Joseph Thacker and Joel Margolis found that a public-facing Bondu console could be accessed by logging in with an arbitrary Google account. The portal was intended for parents and Bondu staff, but the researchers found it opened access to children’s private conversations and related profile details.
What the researchers found
The discovery began after Thacker’s neighbor mentioned that she had preordered a couple of Bondus for her children. She knew Thacker had worked on AI risks for kids and asked what he thought of the toy.
Thacker looked into the product with Margolis. Within a few minutes, they found that Bondu’s web-based portal did not properly restrict who could view the stored information. The source says they did not carry out actual hacking; they simply logged in with a Google account.
What appeared in the console went far beyond basic account data. The exposed information included children’s names, birth dates, family member names, parent-chosen “objectives” for a child, pet names children had given their Bondu, likes and dislikes, favorite snacks, dance moves, detailed summaries, and transcripts of previous chats.
Bondu confirmed in conversations with the researchers that more than 50,000 chat transcripts were accessible through the exposed web portal. The source describes those records as essentially all conversations the toys had engaged in except those manually deleted by parents or staff.
Why AI toy data is unusually sensitive
The risk here is not only that a database was visible. It is the kind of database it was. Bondu was designed to draw out one-on-one conversation from young users, and the stored records reflected that purpose.
An AI toy that remembers prior chats may be able to respond in a more personal way later. But that same design can also create a detailed archive of a child’s preferences, relationships, routines, and feelings. In this case, the source says Bondu kept written histories of chats to better inform later conversations with the toy.
The article states that Bondu did not store audio of the conversations. It auto-deleted audio after a short time and kept only written transcripts. That distinction matters, but it does not remove the central concern: the transcripts themselves were sensitive enough to expose intimate details about children.
Margolis warned that this type of information could enable abuse or manipulation. He said, “To be blunt, this is a kidnapper’s dream,” and added, “We’re talking about information that lets someone lure a child into a really dangerous situation, and it was essentially accessible to anybody.”
Bondu’s response
After Thacker and Margolis alerted Bondu, they say the company took the console down within minutes. The portal relaunched the next day with proper authentication measures.
Bondu CEO Fateen Anam Rafid told WIRED that security fixes “were completed within hours, followed by a broader security review and the implementation of additional preventative measures for all users.” He also said Bondu “found no evidence of access beyond the researchers involved.”
The researchers said they did not download or keep copies of the sensitive data they accessed, other than a few screenshots and a screen-recording video shared with WIRED to confirm their findings.
Anam Rafid also said, “We take user privacy seriously and are committed to protecting user data,” adding, “We have communicated with all active users about our security protocols and continue to strengthen our systems with new protections.” The source says Bondu is also hiring a security firm to validate its investigation and monitor its systems in the future.
The security questions that remain
Even after the portal fix, Thacker and Margolis argue that the incident points to a wider problem for AI-enabled toys. If a company stores extensive records of children’s conversations, the next question is who can see that information and how access is controlled.
The researchers raised questions about how many employees inside AI toy companies can access children’s data, how that access is monitored, and how well employee credentials are protected. Margolis put the concern plainly: “All it takes is one employee to have a bad password, and then we’re back to the same place we started, where it’s all exposed to the public internet.”
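To make the distinction the researchers are drawing concrete, the following added sketch (hypothetical code, not Bondu's) contrasts a portal that treats any verified Google sign-in as authorization with one that checks ownership or an explicit staff role and records every decision. It assumes the Google ID token has already been verified upstream and arrives as a claims dict with "sub" and "email_verified"; the transcripts, staff roles and identities are constructed sample data.

```python
"""Authenticated is not authorized: weak vs. hardened access check (hypothetical)."""
from dataclasses import dataclass


@dataclass
class Transcript:
    child_id: str
    owner_sub: str  # Google subject id of the parent account that owns the record
    text: str


# Constructed sample data, not real records.
TRANSCRIPTS = {
    "t1": Transcript("child-a", "parent-111", "favorite snack: apples"),
    "t2": Transcript("child-b", "parent-222", "pet name for the toy: Rexy"),
}
STAFF_ROLES = {"staff-900": "support"}  # explicit allowlist, one role per account
AUDIT_LOG = []  # (sub, transcript_id, allowed, reason) for later review


def authorize_weak(claims, transcript_id):
    """Mirrors the reported failure mode: any verified Google identity may read
    any transcript, because login is mistaken for permission."""
    return bool(claims.get("email_verified")) and transcript_id in TRANSCRIPTS


def authorize(claims, transcript_id):
    """Hardened check: only the owning parent or an allowlisted staff account may
    read a transcript, and every decision is appended to the audit log so that
    employee access can be monitored rather than assumed."""
    sub = claims.get("sub")
    record = TRANSCRIPTS.get(transcript_id)
    if not claims.get("email_verified") or record is None:
        allowed, reason = False, "unverified identity or missing record"
    elif sub in STAFF_ROLES:
        allowed, reason = True, "staff:" + STAFF_ROLES[sub]
    elif sub == record.owner_sub:
        allowed, reason = True, "owner"
    else:
        allowed, reason = False, "not owner, not staff"
    AUDIT_LOG.append((sub, transcript_id, allowed, reason))
    return allowed


def staff_reads(log=AUDIT_LOG):
    """Monitoring hook: successful reads by staff accounts, for periodic review."""
    return [e for e in log if e[2] and e[3].startswith("staff:")]


if __name__ == "__main__":
    stranger = {"sub": "stranger-1", "email_verified": True}
    print("weak:", authorize_weak(stranger, "t1"), "hardened:", authorize(stranger, "t1"))
```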
They also said Bondu’s admin console appeared to show that the company used Google’s Gemini and OpenAI’s GPT5. Anam Rafid responded that Bondu uses “third-party enterprise AI services to generate responses and run certain safety checks, which involves securely transmitting relevant conversation content for processing.” He said the company takes precautions to “minimize what’s sent, use contractual and technical controls, and operate under enterprise configurations where providers state prompts/outputs aren’t used to train their models.”
The researchers also suspected the exposed Bondu console may have been “vibe-coded,” meaning created with generative AI programming tools. The source says Bondu did not respond to WIRED’s question about whether AI tools were used to program the console.
Safety is not the same as security
Recent warnings about AI toys for kids have focused largely on what the toys might say. The source mentions NBC News reporting in December that AI toys offered detailed explanations of sexual terms, tips about how to sharpen knives, and statements such as "Taiwan is a part of China."
Bondu, by contrast, appears to have tried to build safeguards into its chatbot. The company offers a $500 bounty for reports of “an inappropriate response” from the toy. Its website says, “We’ve had this program for over a year, and no one has been able to make it say anything inappropriate.”
But the researchers argue that content safety does not solve privacy failure. A toy can avoid inappropriate replies and still put children at risk if the conversation history is not secured.
Thacker summarized the issue with a direct question: “Does ‘AI safety’ even matter when all the data is exposed?” After seeing the exposure, he said he no longer wanted AI-enabled toys for his own children: “Do I really want this in my house? No, I don’t,” he said. “It’s kind of just a privacy nightmare.”