AI toys are moving fast into children's bedrooms, but the rules for safety, privacy and accountability are still catching up.
The toy industry has found its next big interface, and it talks back. Stuffed animals, robots and screen-free gadgets are being pitched as companions that can answer questions, remember preferences and keep children entertained without handing them a phone. That sounds like a useful upgrade until you ask a harder question: who gets to hear what a child tells the toy?
That question stopped being theoretical after the Bondu case. As WIRED recently reported, security researchers Joseph Thacker and Joel Margolis found that Bondu's web portal, designed for parental review and company monitoring, exposed more than 50,000 chat transcripts between children and the company's AI-enabled stuffed dinosaurs. The researchers did not need a sophisticated exploit. They found that access was possible through a public-facing console using a Google account.
The exposed data reportedly included children's names, birth dates, family member names, preferences, parent-selected objectives and detailed summaries of past chats. Bondu said it took the portal down quickly, added authentication, found no evidence of broader unauthorized access and hired a security firm to help validate its response. That matters, but it does not erase the larger problem. A toy built to invite trust had collected exactly the kind of intimate information that should be hardest to expose.
Parents have seen a version of this story before. Smart speakers entered homes as convenient assistants, then gradually raised questions about recordings, human review, accidental activation and the long-term storage of domestic life. AI toys raise the same concerns, but with children at the center and with a more emotionally persuasive product design.
A smart speaker sits on a counter. A plush dinosaur sits in a child's arms. That difference matters. Children are not simply issuing commands about weather or music. They may be telling stories, asking embarrassing questions, naming relatives, sharing fears and treating the product like an imaginary friend. The commercial value of that information is obvious because personalization is one of the advertised benefits. The safety risk is just as obvious because personalization requires memory, and memory requires storage or repeated processing.
Bondu's case also shows why content moderation is only one part of the problem. The company appeared to have invested in response safeguards and reportedly offered a bounty for inappropriate answers. Yet a product can refuse dangerous prompts and still fail at basic data security. For parents and regulators, that distinction is not academic. A child-safe answer is not enough if the conversation history is poorly protected.
Other products have drawn scrutiny from a different angle. NBC News previously tested AI toys and reported that some gave answers involving sexual topics, drugs, knife sharpening and political propaganda. Senators Marsha Blackburn and Richard Blumenthal later pressed AI toy companies over child privacy and safety concerns, while Senator Maggie Hassan asked Bondu detailed questions after the exposure. The message from Washington is becoming clearer: this category will not be treated like a novelty for long.
Startups face a trust problem before scale
For startups, AI toys are attractive because they combine hardware, subscriptions, character design and cloud intelligence. A child who bonds with a toy may generate repeated engagement, while parents may pay for educational features, bedtime routines or monitored conversations. It is not hard to see why founders and investors are interested. Ambient AI needs a household use case, and children's play is one of the few places where voice-first interaction feels natural.
But the same features that make the category commercially interesting make it unforgiving. A young company can move faster than an established toy giant, but it may also have thinner security teams, less regulatory experience and fewer internal controls over employee access to sensitive systems. If a startup uses third-party AI models from providers such as Google or OpenAI, it also has to explain what data is transmitted, how it is minimized, whether it can be used for training and how parents can delete it. Vague assurances will not be enough.
That is where regulation may change the competitive map. California state Senator Steve Padilla introduced a proposal for a temporary moratorium on AI chatbot toys for young children, giving regulators time to build safety standards. Whether that bill advances or not, it points to the likely direction of travel: age-appropriate design rules, stricter parental controls, tighter data-retention limits, audit requirements and clearer liability when something goes wrong.
Large platforms and established toy companies may be better positioned if those rules become expensive to satisfy. Mattel's partnership with OpenAI shows how major brands are exploring AI play while trying to frame the work around safety and privacy. Bigger companies have more to lose from a child-safety scandal, but they also have compliance teams, security budgets and recognizable brands that can reassure retailers and parents. Regulation could become a moat.
The market will not disappear because the risks are real. Parents still want educational products that feel alive, creative tools that are not addictive screens and toys that can adapt to a child's curiosity. The winners will be companies that treat privacy as part of the product, not as legal text attached after launch. That means minimal retention, transparent logs, easy deletion, strong authentication, independent testing and limits on what a toy is allowed to remember.
The next phase of consumer AI may arrive through something soft, colorful and sold in a toy aisle. If companies get it right, AI toys could become a useful bridge between children and technology. If they get it wrong, the first mass-market lesson families learn about ambient AI will be that the toy was listening too closely and protecting too little.
Also read: TikTok scales back AI video summaries after public mistakes • Waymo and Wayve are turning London into an AI driving test • Nvidia now faces a harder copyright fight over AI training tools
