AI Girlfriend Apps: Data Leaks & Security Risks Exposed
A New York City bar hosted an “AI companion date night” last week, an event that underscores a growing, and increasingly vulnerable, market for digital relationships. Although the promise of companionship offered by artificial intelligence apps is attracting millions of users, security researchers are warning of widespread data breaches exposing deeply personal information to potential exploitation.
The popularity of AI companion apps – including Replika, Chai, and Romantic AI – has surged in the last two years, with a combined total exceeding 150 million installs on Google Play alone. These platforms offer users a digital partner capable of simulating empathy, remembering past conversations, and providing emotional support through advanced natural language processing. But this very “humanization” of the software is creating a significant cybersecurity risk, according to a recent report by security firm Oversecured.
Oversecured’s investigation identified 14 critical security flaws across 17 popular AI companion apps. Ten of those apps contain vulnerabilities that provide a direct path for attackers to access user conversation histories. The flaws aren’t minor bugs, but fundamental problems in the software’s construction and maintenance. One app, boasting over 10 million downloads, shipped its cloud credentials – including an OpenAI API token and a Google Cloud private key – directly within its publicly available code. This oversight potentially grants access to both the app’s full chat database and the financial records of paying users, as the developer used the same cloud project for its AI backend and billing system.
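As an added example (not taken from Oversecured's report or from any app's code), this is a pre-release check a developer could run over a built app package to catch the two credential types named above before they ship. The key pattern, function names and sample package contents are assumptions constructed for illustration.

```python
import io
import json
import re
import zipfile

# Heuristic patterns chosen for this example (assumptions, not a complete rule set).
OPENAI_KEY = re.compile(rb"sk-[A-Za-z0-9_-]{20,}")
PEM_KEY = re.compile(rb"-----BEGIN (?:RSA )?PRIVATE KEY-----")

def redact(secret: bytes) -> str:
    # Keep a short prefix and the length so the report itself never holds the secret.
    return f"{secret[:6].decode()}...({len(secret)} bytes)"

def service_account(blob: bytes):
    """Return the parsed JSON if blob is a Google Cloud service-account key file, else None."""
    try:
        doc = json.loads(blob)
    except ValueError:  # not JSON, or not valid UTF-8
        return None
    return doc if isinstance(doc, dict) and doc.get("type") == "service_account" else None

def scan_package(data: bytes) -> list:
    """Scan every entry of a zip-format app package (an APK is a zip) for shipped credentials."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            blob = pkg.read(name)
            for m in OPENAI_KEY.finditer(blob):
                findings.append((name, "openai_api_key", redact(m.group())))
            doc = service_account(blob)
            if doc:
                # project_id shows which cloud project (and everything in it) the key reaches.
                findings.append((name, "gcp_service_account_key", doc.get("project_id", "?")))
            elif PEM_KEY.search(blob):
                findings.append((name, "pem_private_key", "PEM header"))
    return findings

def build_sample() -> bytes:
    """Constructed package with fake values; nothing here is a real credential."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/config.json", '{"llm_key": "sk-CONSTRUCTED0000000000000000"}')
        z.writestr("assets/sa.json", json.dumps({"type": "service_account",
            "project_id": "example-backend-and-billing",
            "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE\n-----END PRIVATE KEY-----\n"}))
        z.writestr("res/raw/notes.txt", "no secrets here")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_package(build_sample()))
```

The scan matches raw bytes only, so strings stored as UTF-16 or obfuscated at build time are not detected.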
The issue is compounded by what security professionals call the “Wrapper Problem.” Most AI companion apps function as “wrappers,” connecting to third-party AI models like OpenAI or Google and adding a custom interface. While the major AI providers manage the core AI functionality, individual app developers are responsible for authentication and data storage. Every vulnerability identified in Oversecured’s audit exists within this “wrapper layer” – the part of the app users rarely consider and where no major brand name offers protection.
The risks are not theoretical. In October 2025, Chattee Chat and GiMe Chat experienced data breaches that leaked 43 million intimate messages and 600,000 photos from over 400,000 users. A separate incident in February 2026 saw an AI chat app expose 300 million messages from 25 million users due to a database misconfiguration. These breaches demonstrate the real-world consequences of lax security practices.
Security professionals note a pattern of malicious actors targeting growing tech sectors, as happened with the rise of cryptocurrency exchanges and remote work tools. They now refer to this trend as targeting “Agentic Intimacy,” recognizing the uniquely sensitive nature of the data contained within these apps. A simple Cross-Site Scripting (XSS) flaw can allow attackers to read conversations in real time or hijack entire accounts. In apps featuring explicit content, vulnerabilities can allow hackers to steal cached photos and voice messages directly from users’ devices.
Adding to the concern is a “regulatory blind spot.” AI companion apps are not currently classified as healthcare products, meaning federal laws like HIPAA do not protect user disclosures. While the Federal Trade Commission (FTC) sent information requests to several AI companion companies in late 2025, the inquiry focused on the impact of chatbots on children, not data security. New laws in states like New York and California require suicide prevention protocols and disclosures about AI interactions, but they do not address application-level security.
The lack of security oversight extends beyond privacy concerns. Three of the six most vulnerable apps identified in the audit have already faced lawsuits related to harm to minors or user suicides linked to chatbot interactions. In one case, a user died by suicide after prolonged interactions with a chatbot. The potential for manipulation of vulnerable users by third-party predators is a significant concern, particularly given the ability of malicious ad creatives to launch internal app components and query conversation tables.
Security experts recommend a “Zero Trust” approach for users of AI companion apps. This includes assuming all chats are public, avoiding sharing information that could be damaging if leaked, and refraining from linking personal accounts. Users should also be wary of apps with weak password requirements and prioritize those that demonstrate transparency about data storage and undergo independent security audits.
The rapid growth of AI companion apps presents a complex challenge. While offering a potential solution to loneliness and isolation, these platforms are simultaneously creating new avenues for data exploitation and potential harm. The industry’s current trajectory, characterized by a rush to market and a lack of robust security measures, raises serious questions about the long-term safety and well-being of its users.
