
Are AI Girlfriends Safe? What the Leaks and the FTC Say
The category is usable, but 'safe' is the wrong question. The right one is which operator you trust — because the gap between the careful ones and the careless ones is enormous, and the careless ones have already leaked tens of millions of the most intimate messages their users ever typed.
TL;DR — Key takeaways
- An AI girlfriend app holds a worse combination of data than almost anything else on your phone: your most explicit conversations plus, often, your uploaded face. A breach here isn't a leaked password — it's a leaked confession.
- This isn't hypothetical. Muah.ai lost ~1.9M records in 2024; a 2025 exposure at two companion apps spilled ~43M messages and ~600k images; and security firm Oversecured found critical flaws in more than half of the apps it tested.
- Mozilla reviewed the category in 2024 and gave a privacy warning label to every romantic AI chatbot it looked at — none, at the time, cleared the bar.
- The FTC opened a formal inquiry in September 2025, ordering seven companies to explain how they handle this data. It's a study, not yet a rule — but it's the clearest signal yet that the free-for-all is ending.
- You can use one far more safely than most people do: burner email, no real face, no legal name, and a two-minute check of the deletion policy before you get comfortable. The careful-vs-careless gap is mostly under your control.
"Are AI girlfriends safe?" gets asked as if the answer is one word. It isn't. The technology is not the risk; the operator is. And in the last two years the operators have handed us an unusually clear evidence trail — real breaches, real record counts, a category-wide audit, and now a federal regulator asking pointed questions.
So instead of reassuring or scaring you, here's the actual record: what these apps collect, what has already leaked, what the FTC's move means, and the short checklist that separates a careful user from a headline. For the adoption side of this story (why roughly one in five adults has already tried one) see our data comparison of AI girlfriends versus dating apps.
Why a breach here is worse than a password leak
Start with what actually lives inside these apps, because it's the whole reason this matters more than a typical data spill.
An AI companion is engineered to earn disclosure. It never judges, never gets bored, never leaves you on read — so people tell it things they've told no human: sexual fantasies, affairs, gender and identity questions, and, in the platforms' own research, sometimes suicidal thoughts. On top of the text, many apps invite you to upload a photo of your face to "see yourself" with your companion, or to generate images. The result is a single database that pairs your most intimate confessions with an identifier that points back to you.
That combination is what makes the risk category-specific. A leaked password is an inconvenience you fix in five minutes. A leaked archive of your explicit chats — tied to an email, a device ID, or a face — is not something you can rotate. It's the raw material for sextortion and blackmail, and unlike a credit card, you can't cancel it. In an Institute for Family Studies / YouGov survey of 2,000 adults, roughly 19% said they'd chatted with a romantic AI — about 31% of young men and 23% of young women[6] — so this isn't a fringe exposure. It's a mainstream data class that the industry is still learning to secure.
The incidents, on a timeline
None of the following is speculation. Each is a documented event with a named source.
2024 — Mozilla grades the whole category and it fails. In its Privacy Not Included review of romantic AI chatbots, the Mozilla Foundation reviewed 11 apps and slapped a privacy warning label on every single one[1]. The recurring problems: vague or missing policies on what happens to your chats, little or no ability to opt out of having your intimate messages used to train the models, and unclear data-sharing. This was not a story about one bad app. It was the category's baseline.
October 2024 — Muah.ai is breached. The NSFW companion app Muah.ai suffered a breach that exposed roughly 1.9 million records, documented via Have I Been Pwned, tying user emails to the explicit prompts they'd entered[2]. It was the first mass-scale confirmation that the intimate-chat archive is a real, exfiltratable asset — not a theoretical one.
2025-26 — security researchers find the doors were never locked. Two findings landed close together. First, the security firm Oversecured audited 17 popular AI companion apps and reported critical flaws in more than half of them — 14 critical vulnerabilities in total, including hard-coded cloud credentials shipped inside a public app package, with several flaws allowing direct access to chat history[4]. Then Cybernews discovered that two apps, Chattee Chat and GiMe Chat, had left a server wide open to the public internet — no authentication at all — streaming real-time conversations and media. The exposure covered around 43 million messages and more than 600,000 images and videos from roughly 400,000 users[3]. The data included device identifiers, and researchers noted the archive was reachable by anyone who found the server on a public device-search engine.
Read those entries together and the pattern is unmistakable: the category was graded unsafe in 2024, proven leakable months later, and then shown, twice, to have been leaving the vault door open the whole time.
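One of the Oversecured findings above deserves a concrete illustration, because it is the easiest of the three failures to understand: a credential compiled into an app package is a credential published to everyone who downloads the app. The scanner below is an added example written for this article; it is not Oversecured's tooling, not code from any of the apps named, and the sample package it builds is constructed in a temporary directory with the placeholder keys from AWS's own documentation rather than real secrets. It assumes you have already unpacked the package with a tool such as apktool or unzip, so that resource and asset files are readable text.

```python
"""Find hard-coded cloud credentials in an unpacked app package.

Added example (not from the original article or any vendor report): it
models the Oversecured finding that live cloud credentials were shipped
inside a public app package. The sample files are constructed here and the
keys are the AWS documentation placeholders, not real secrets.
"""
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

# Specific patterns first; the generic keyword rule is a fallback and is
# gated on entropy so that placeholders such as "changeme" do not fire.
# (rule name, regex whose LAST group is the candidate, minimum entropy)
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), None),
    ("google_api_key", re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"), None),
    ("aws_secret_key",
     re.compile(r"(?i)aws[_\-]?secret[^\n=:]{0,20}[=:\"'>\s]+([A-Za-z0-9/+=]{40})"), 4.0),
    ("generic_secret",
     re.compile(r"(?i)(secret|password|api[_\-]?key|token)[^\n=:]{0,20}"
                r"[=:\"'>]+\s*[\"']?([A-Za-z0-9/+=_\-]{16,})"), 3.5),
]
# File types that commonly carry strings in an unpacked Android/iOS package.
TEXT_SUFFIXES = {".xml", ".json", ".properties", ".txt", ".js", ".plist",
                 ".smali", ".java", ".kt", ".yaml", ".yml", ".env", ".cfg"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking keys score high, words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def mask(value: str) -> str:
    """Never echo a full credential into a report or log."""
    return value[:4] + "..." + value[-2:]


def scan_text(text: str, source: str = "<memory>") -> list[dict]:
    """Apply every rule to every line; one finding per (line, value)."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx, min_entropy in RULES:
            for m in rx.finditer(line):
                candidate = m.group(m.lastindex) if m.lastindex else m.group(0)
                if min_entropy is not None and shannon_entropy(candidate) < min_entropy:
                    continue
                key = (source, lineno, candidate)
                if key in seen:  # a more specific rule already claimed this value
                    continue
                seen.add(key)
                findings.append({"rule": name, "file": source,
                                 "line": lineno, "value": mask(candidate)})
    return findings


def scan_package(root: Path) -> list[dict]:
    """Walk an unpacked package (apktool/unzip output) and scan text-like files."""
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="ignore")
            findings.extend(scan_text(text, path.relative_to(root).as_posix()))
    return findings


def build_sample_package() -> Path:
    """Constructed sample: what a careless build looks like once unpacked."""
    root = Path(tempfile.mkdtemp(prefix="unpacked_app_"))
    (root / "res" / "values").mkdir(parents=True)
    (root / "res" / "values" / "strings.xml").write_text(
        '<resources>\n'
        '  <string name="app_name">Companion</string>\n'
        '  <string name="aws_key">AKIAIOSFODNN7EXAMPLE</string>\n'
        '  <string name="aws_secret">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>\n'
        '</resources>\n')
    (root / "assets").mkdir()
    # "changeme-changeme" is a low-entropy placeholder and must NOT be reported.
    (root / "assets" / "config.json").write_text(
        '{"api_base": "https://api.example.invalid", "api_key": "changeme-changeme", '
        '"storage_token": "9f2cQ7xL0vB4nRtY8sWq1ZpKe6Hd3MuA"}\n')
    (root / "assets" / "README.txt").write_text(
        "password policy: minimum 12 characters\n")
    return root


if __name__ == "__main__":
    for f in scan_package(build_sample_package()):
        print(f"{f['file']}:{f['line']}  {f['rule']:<18} {f['value']}")
```

Run against the constructed package it reports three findings (the AWS key pair in strings.xml and the storage token in config.json) and correctly ignores both the placeholder value and the README sentence that merely contains the word "password". Two design points matter in practice: the specific rules run before the generic one so a value is attributed to the most precise pattern, and the report masks every value, since a scanner that prints secrets into CI logs just moves the leak.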
What the FTC's move actually means
In September 2025, the Federal Trade Commission opened a formal inquiry into consumer AI companion chatbots, issuing 6(b) orders to seven companies: Alphabet (Google), Character.AI, Instagram, Meta, OpenAI, Snap, and Elon Musk's xAI[5]. Two things about this are worth getting right, because the headlines tend to blur them.
First, what a 6(b) order is. It's a market-study tool. The FTC's Section 6(b) authority lets it compel companies to hand over detailed information — here, how they test for harm, how they monetize engagement, how they develop AI characters, and, crucially, how they use and share the personal information gained through user conversations. It is not an enforcement action, a fine, or a rule. Nobody has been charged with anything.
Second, why it still matters. Regulators don't spend this authority casually. A 6(b) study is frequently the fact-finding phase that precedes rules or enforcement — the government building the record it would need to act. The stated focus is protecting children and teens, prompted by lawsuits alleging chatbots contributed to serious harms, but the data-handling questions apply to every adult user too. The honest read: the unregulated era is ending, slowly. For now the inquiry changes nothing about how your data is protected today — it's a signal about tomorrow, not a shield you can rely on tonight.
A practical safety checklist
You cannot audit an app's server security from the outside. What you can control is how much of yourself you hand over — and that's most of the actual risk. Four rules do the heavy lifting:
- Pick operators that are transparent about retention and deletion. Before you invest in a companion, find the answer to one question: can you delete your data, and does the policy say chats are used to train models? An app that states this plainly and offers a real opt-out is telling you something; so is an app that buries it. This is exactly the axis we weigh in our review of which AI girlfriend apps handle privacy better and worse; the spread between the top and the bottom is wide.
- Never upload your identifying face. The single highest-value item in every breach above is the link between intimate content and a real person. Don't provide it. If you want a visual companion, use the app's generated characters, not a photo of yourself, a partner, or anyone you know.
- Use a unique, unlinked email — and no real name. A dedicated burner address means a leaked record can't be cross-referenced to your primary accounts, and keeping your legal name out of chats removes the identifier that turns an embarrassing leak into a targeted one. Assume anything you type could one day be public, and write accordingly.
- Check the deletion policy before you get attached, not after. Deleting the app does not delete the server-side archive. Find the account-deletion path on day one; if you can't find one, treat that as the answer. The goal throughout is simple: share the minimum, so that if the operator is breached, there's less of you in it.
The honest verdict
Are AI girlfriends safe? As a category, no — not in the way you'd want the word to mean. The evidence is a warning label on every app Mozilla reviewed, a multi-million-record breach, a 43-million-message exposure, and a federal regulator that felt the need to start asking questions.
But "the category is unsafe" is not the same as "don't use one." The truer statement is that the gap between the careful operators and the careless ones is enormous, and most users can't tell them apart from the landing page. A disciplined user on a transparent app — burner email, no real face, a deletion policy they actually read — is exposed to a fraction of the risk of a careless user on the cheapest app in the store. The technology isn't the danger. The combination of an indifferent operator and an over-sharing user is.
So use one the way you'd use any service holding your secrets: assume it will eventually leak, and make sure that when it does, there isn't much of the real you inside. If you want to see how the specific apps stack up on exactly this axis, that's the whole point of our ranked review of AI girlfriend apps — and if you're still deciding whether an AI companion is even the right tool versus a dating app, we put the two side by side on cost and time.
Sources
Every numbered claim in this review links back to a source below.
- [1] Mozilla Foundation, *Privacy Not Included: romantic AI chatbots* (2024): every romantic AI chatbot reviewed earned a privacy warning label; most offered no opt-out from training on intimate chats. Accessed Jul 2, 2026.
- [2] Have I Been Pwned, Muah.AI data breach (Oct 2024): ~1.9M records of emails tied to explicit prompts exposed. Accessed Jul 2, 2026.
- [3] Cybernews, Chattee Chat / GiMe Chat exposure (2025): an unsecured server spilled ~43M messages and 600k+ images/videos from ~400k users. Accessed Jul 2, 2026.
- [4] Oversecured / Cybernews, security audit of 17 AI companion apps: 14 critical vulnerabilities, critical flaws in more than half, including hard-coded credentials and chat-history access. Accessed Jul 2, 2026.
- [5] Federal Trade Commission, "FTC Launches Inquiry into AI Chatbots Acting as Companions" (Sept 2025): 6(b) orders to seven companies on safety and data-handling practices. Accessed Jul 2, 2026.
- [6] Institute for Family Studies / YouGov, survey (n=2,000) on romantic AI companion adoption among US adults. Accessed Jul 2, 2026.