An AI-powered stuffed toy company just exposed the intimate conversations of thousands of children to anyone with a Gmail account. Security researchers Joseph Thacker and Joel Margolis discovered that Bondu, maker of AI chat-enabled dinosaur toys, left its entire web console unprotected - allowing strangers to access over 50,000 chat transcripts, children's names, birthdates, and detailed personality profiles with nothing more than a Google login. The breach raises urgent questions about how AI toy companies handle the deeply personal data they collect from kids.
When Joseph Thacker's neighbor mentioned she'd pre-ordered AI-powered stuffed dinosaurs for her kids, she asked the security researcher for his thoughts. What Thacker discovered in just minutes of poking around sent shockwaves through the child safety community.
Bondu, the startup behind these AI chat toys, had left its entire backend console wide open. Thacker and fellow researcher Joel Margolis didn't need to hack anything - they simply logged in with a Gmail account and found themselves staring at the private conversations of thousands of children. Pet names kids gave their toys. Favorite snacks. Dance moves. The intimate, unguarded thoughts children share with what they believe is a trusted companion.
The scale of the exposure is staggering. More than 50,000 chat transcripts sat accessible to anyone who stumbled upon Bondu's public-facing portal. Children's full names, birthdates, family member details, and "objectives" parents had set for their kids - all there for the taking. No authentication required beyond a basic Google account.
"It felt pretty intrusive and really weird to know these things," Thacker told WIRED. "Being able to see all these conversations was a massive violation of children's privacy."
Bondu CEO Fateen Anam Rafid says the company acted fast once alerted, taking down the console within minutes and implementing proper authentication the next day. In a statement to WIRED, Rafid claimed security fixes "were completed within hours" and that the company "found no evidence of access beyond the researchers involved." Bondu has since hired a security firm to validate its investigation and monitor systems going forward.
But the damage extends beyond this single breach. What Thacker and Margolis saw inside Bondu's backend reveals how AI toy companies are building detailed psychological profiles of children. The toys keep complete chat histories to inform future conversations - creating a treasure trove of behavioral data that could be exploited in horrifying ways.
"To be blunt, this is a kidnapper's dream," Margolis says. "We're talking about information that could let someone lure a child into a really dangerous situation, and it was essentially accessible to anybody."
The researchers discovered another concerning detail buried in Bondu's admin console. The toys run on Google's Gemini and OpenAI's GPT-5 models, meaning children's conversations may be transmitted to these tech giants for processing. Rafid confirmed the company uses "third-party enterprise AI services" but insists contractual controls prevent the data from training AI models.
That's cold comfort for parents who thought their kids were having private conversations with a toy. Even with Bondu's security now patched, questions linger about internal access controls. How many employees can view these chats? How are their credentials protected? What happens when one worker uses a weak password?
"There are cascading privacy implications from this," Margolis warns. "All it takes is one employee to have a bad password, and then we're back to the same place we started, where it's all exposed to the public internet."
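The failure described above is a console that treats any successful Google sign-in as permission to use it, and the follow-on worry is which staff accounts can read transcripts. This added example (not Bondu's code) models that gate over the claims a verified Google ID token carries: the flawed check beside one that also requires membership and a role, plus an audit line so denied attempts from unknown accounts can be alerted on. Token signature verification is assumed to happen upstream; the allowlist and identities are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claims:
    """Subset of claims in a Google ID token after signature verification
    (verification itself is assumed to happen upstream and is not shown)."""
    sub: str             # stable account id; survives email changes
    email: str
    email_verified: bool

# Constructed allowlist of staff accounts, keyed by sub rather than email.
STAFF_ROLES = {
    "sub-0001": "admin",    # may read transcripts and manage accounts
    "sub-0002": "support",  # may read transcripts only
}
TRANSCRIPT_READERS = {"admin", "support"}

def gate_authn_only(claims: Claims) -> bool:
    """The failure mode described above: a valid sign-in from any Google
    account is treated as permission to use the console."""
    return claims.email_verified

def gate_authz(claims: Claims, resource: str) -> bool:
    """Hardened gate: identity is checked, then membership, then role."""
    if not claims.email_verified:
        return False
    role = STAFF_ROLES.get(claims.sub)
    if role is None:
        return False                    # authenticated stranger: deny
    if resource == "transcripts":
        return role in TRANSCRIPT_READERS
    return role == "admin"              # everything else is admin-only

def audit_line(claims: Claims, resource: str, allowed: bool) -> str:
    """One log line per decision so denied requests from unknown accounts
    can be alerted on; write it to a log sink in real use."""
    verdict = "allow" if allowed else "deny"
    return f"console_access decision={verdict} sub={claims.sub} resource={resource}"

# Constructed sample identities: an arbitrary Gmail user and one staff member.
STRANGER = Claims("sub-9999", "anyone@gmail.com", True)
SUPPORT = Claims("sub-0002", "support@example.com", True)

if __name__ == "__main__":
    for who in (STRANGER, SUPPORT):
        ok = gate_authz(who, "transcripts")
        print(audit_line(who, "transcripts", ok))
```

Keying the allowlist by `sub` rather than email also means a weak or reissued mailbox does not silently inherit a staff role.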
The researchers suspect another factor contributed to Bondu's security failure - the possibility that its web console was "vibe-coded" using AI programming tools. These generative coding assistants often produce functional-looking code riddled with security flaws. Bondu didn't respond to questions about whether AI tools built its infrastructure.
This breach comes as AI toys face growing scrutiny over content safety. NBC News reported last month that AI toys it tested explained sexual terms to children, offered knife-sharpening tips, and parroted Chinese government propaganda. Bondu has tried to differentiate itself by offering a $500 bounty for anyone who can make its toy say something inappropriate - a program it claims no one has cracked in over a year.
But Thacker sees a fatal disconnect. "This is a perfect conflation of safety with security," he says. "Does 'AI safety' even matter when all the data is exposed?"
The incident reveals a troubling gap in how AI toy companies approach child protection. They focus on preventing inappropriate conversations while neglecting basic data security. Parents buying these products assume companies are safeguarding the intimate details their children share. The Bondu breach proves that assumption is dangerously misplaced.
For Thacker, seeing the exposed data firsthand changed everything. He'd considered buying AI toys for his own kids before investigating Bondu. Not anymore. "Do I really want this in my house? No, I don't," he says. "It's kind of just a privacy nightmare."
The researchers didn't download or keep copies of the sensitive data they accessed, sharing only screenshots and screen recordings with WIRED to document their findings. But countless others could have accessed the same information before the vulnerability was patched. There's no way to know who else might have logged in during the window Bondu's console sat wide open.
The Bondu breach is a wake-up call for the AI toy industry. As these products proliferate in homes worldwide, companies are collecting unprecedented amounts of behavioral and psychological data on children - then failing to protect it. Parents face an impossible choice: deny their kids the novel experiences AI toys offer, or accept that intimate conversations might be one weak password away from public exposure. Until regulators step in with mandatory security standards for children's AI products, the privacy nightmare Thacker describes will keep parents up at night. The question isn't whether another AI toy company will suffer a similar breach - it's when.