A Democratic senator is demanding answers from an AI toy company accused of exposing tens of thousands of children's private conversations, according to a letter shared exclusively with Axios.
Why it matters: AI-powered toys are rapidly entering children's homes, but safeguards around how companies collect, store and monitor kids' data haven't kept pace.
Catch up quick: Researchers reported last month that bondu, an AI-powered conversational toy company, inadvertently exposed children's chat transcripts and personal data through a publicly accessible portal.
- Bondu, which allows parents to check their children's conversations, said it took down the exposed portal and relaunched it the next day with authentication measures, according to Wired.
Driving the news: New Hampshire Senator Maggie Hassan, the ranking member of the Senate's Joint Economic Committee, is now asking bondu to explain how the exposure occurred and to provide more information around its safety and security claims.
The big picture: Hassan's letter signals growing pressure on the industry around AI-enabled toys.
- The scrutiny comes as child-safety groups have raised wide ranging concerns, including risks tied to data collection and cybersecurity.
Zoom in: Hassan in her letter pressed bondu CEO Fateen Anam Rafid on who can access the data in the company's portal, and what steps it has taken to prevent similar incidents.
- Hassan asks whether bondu monitors chat data, and for what purposes, and asks whether the company limits employee access to user information.
What they're saying: "This AI toy is marketed to children between the ages of three and nine years old, making the exposure of their information particularly devastating," Hassan wrote.
- The letter raised concerns about bondu's business model and warned that exposed data could be used for identity theft and that private chat transcripts could be exploited to target children.
The other side: On its website, bondu says it uses "industry-standard safeguards such as encryption and secure authentication to protect your account," and that access "to any personal data is strictly limited to authorized core team members who need it to support your experience."
- Bondu also says parents can "review, manage, or delete your child's chats, history and/or personal information at any time with ease" through its app.
The intrigue: Hassan also asks the company whether AI tools were used to build systems that may have introduced the security flaws, and if so — what efforts did the company take to detect them.
What's next: Hassan gave bondu until Feb. 23 to respond to the letter.
More from Axios:
