AI Toy Manufacturer Miko Exposed Thousands of Child Conversations in Unsecured Database
U.S. Senators Marsha Blackburn (R-Tenn.) and Richard Blumenthal (D-Conn.) revealed this week that AI-powered toy maker Miko left thousands of children’s interactions with its devices exposed in an unsecured, publicly accessible database. In a letter sent Wednesday, the senators stated that the database contained Miko’s side of conversations with children, including names and details of their interactions raising significant privacy and security concerns.
The exposure was discovered using publicly available tools to analyze the toy’s Wi-Fi communications. While Miko CEO Sneh Vaswani denied any data breach, stating the company does not store children’s voice recordings, NBC News confirmed the database was accessible and contained thousands of daily responses from Miko toys dating back to December 2025. Though children’s voices were not directly recorded, the toy’s replies allowed observers to reconstruct conversations. The database was secured after Miko was notified.
This incident follows previous reports of AI toys engaging in inappropriate behavior, including explicit sexual conversations, dangerous advice, and politically aligned responses. The senators have also sent inquiries to other AI toy manufacturers, such as Curio and FoloToy, regarding their data security practices. Meanwhile, another company, bondu, is under scrutiny for exposing children’s chat transcripts through a publicly accessible portal.
bondu cybersecurity rating report: https://www.rankiteo.com/company/theaitoycompany
Miko cybersecurity rating report: https://www.rankiteo.com/company/mikorobot
"id": "THEMIK1770935689",
"linkid": "theaitoycompany, mikorobot",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands of children',
'industry': 'Consumer Electronics / Toys',
'location': 'United States',
'name': 'Miko',
'type': 'AI Toy Manufacturer'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'number_of_records_exposed': 'Thousands (daily responses '
'dating back to December 2025)',
'personally_identifiable_information': 'Names and '
'conversation details',
'sensitivity_of_data': 'High (children’s personal '
'information)',
'type_of_data_compromised': 'Children’s conversation details, '
'names, and interaction logs'},
'description': 'U.S. Senators revealed that AI-powered toy maker Miko left '
'thousands of children’s interactions with its devices exposed '
'in an unsecured, publicly accessible database. The database '
'contained Miko’s side of conversations with children, '
'including names and details of their interactions, raising '
'significant privacy and security concerns.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Thousands of children’s interactions, '
'including names and conversation details',
'identity_theft_risk': 'High (children’s personal information)',
'legal_liabilities': 'Potential',
'systems_affected': 'Miko’s database storing toy interactions'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Database secured after '
'notification',
'root_causes': 'Unsecured, publicly accessible '
'database'},
'references': [{'source': 'NBC News'},
{'source': 'U.S. Senators Marsha Blackburn and Richard '
'Blumenthal'}],
'regulatory_compliance': {'regulations_violated': 'Potential violations of '
'children’s privacy laws '
'(e.g., COPPA)'},
'response': {'communication_strategy': 'CEO denied data breach but '
'acknowledged securing the database',
'containment_measures': 'Database secured after notification'},
'title': 'AI Toy Manufacturer Miko Exposed Thousands of Child Conversations '
'in Unsecured Database',
'type': 'Data Exposure',
'vulnerability_exploited': 'Publicly accessible database without proper '
'security measures'}