AI-girlfriend apps could be a privacy bomb: 150 million users at risk as AI-girlfriends leak intimate messages to the darknet

These services, writes androidheadlines, promise the perfect conversation partner: always available, non-judgmental, and adaptable to the user’s emotions and desires. But with their popularity come serious risks.

A study by cybersecurity firm Oversecured found that more than half of these apps have critical vulnerabilities, including issues such as hard-coded credentials, script injection, and file access.

As a result, users' intimate correspondence can be compromised — from data leaks to risks of blackmail (including sextortion).

The Illusion of Closeness: Why People Trust More Than They Should

The popularity of apps like Replika, Chai, and Romantic AI is due to their ability to mimic empathy. They remember previous conversations, copy communication styles, and provide emotional support.

For many, it has become a true «safe space.» Users share personal stories — from relationship problems to sexuality issues or psychological trauma.

But it is precisely this trust that creates the problem. While people are cautious with a support chatbot, with a «digital partner» they reveal much more—sometimes even more than they would tell a therapist.

As a result, a huge array of highly sensitive data is formed, which becomes an attractive target for attackers.

Critical vulnerabilities: what exactly did researchers find?

Oversecured researchers have identified 14 critical vulnerabilities in 17 popular apps. In 10 of them, attackers can gain direct access to chat history.

One of the most serious cases is an application with over 10 million downloads, in which access keys to OpenAI and Google Cloud were written directly in the code.

Because of this, a potential attacker could gain access not only to chats, but also to users' financial data, since the same cloud project was also used for billing.

Another problem is the so-called «wrapper approach.» Most of these applications are wrappers around third-party AI models. The models themselves are created by large companies, but security — authorization, data storage — remains the responsibility of the application developers. And it is in this layer that most vulnerabilities are found.

Hackers have already taken notice

Historically, attackers have always followed trends — as was the case with crypto exchanges or remote work tools. Now they are interested in the «intimate» segment of AI.

And the risks are already being realized. In October 2025, two apps — Chattee Chat and GiMe Chat — lost 43 million messages and 600,000 user photos. In 2026, another service «leaked» 300 million messages due to a database configuration error.

Among the vulnerabilities are XSS attacks that allow you to read chats in real time or hijack sessions, as well as access to local files, including photos and voice messages.

Regulatory «gray area»

One of the main problems is the lack of clear regulation. AI companion apps are not considered medical products and therefore are not subject to strict data protection standards.

Even when regulators like the Federal Trade Commission pay attention to this segment, they focus on the impact on users (e.g., children) rather than technical security.

There have already been fines in Europe — including against the developers of Replika — but they concerned the use of data, not the ability of the systems to protect it.

As a result, users are left with virtually no legal protection for their most intimate data.

The risks go beyond privacy

The problem isn’t just data leaks. Some apps have already been involved in lawsuits related to psychological harm to users, including suicides.

The combination of emotional dependency and weak security creates a dangerous environment where attackers can influence vulnerable people.

How to protect yourself

Until the industry solves safety problems, experts advise following basic rules:

— believe that any chat can become public
— do not share information that you would not want to see publicly available
— do not use Google or Facebook authentication
— pay attention to basic signs of weak security (e.g., simple passwords)
— choose services that have undergone an independent security audit

Intimacy without responsibility

AI companion apps sell a sense of closeness in a time of increasing loneliness. But behind them are conventional software products that often fail to meet basic security standards.

150 million users is a signal that technology is developing faster than its protection mechanisms.

And while developers compete for users' attention, the issue of the security of their most intimate data remains open.

«Artificial intelligence should belong to everyone.» UN Secretary-General proposes creating a $3 billion global AI fund to help developing countries develop it

On the topic

«Artificial intelligence should belong to everyone.» UN Secretary-General proposes creating a $3 billion global AI fund to help developing countries develop it

AI dating simulator goes viral in China. Men are even willing to pay their wives to get them back into real relationships

On the topic

AI dating simulator goes viral in China. Men are even willing to pay their wives to get them back into real relationships

Read the country’s main IT news in our Telegram

On the topic

Read the country’s main IT news in our Telegram