Skip to content
DatingSiteSpot
Are AI girlfriends safe? What the documented leaks and the FTC's 2025 inquiry say about the privacy of AI companion apps

Dating • Privacy & safety

Are AI Girlfriends Safe? What the Leaks and the FTC Say

The category is usable, but 'safe' is the wrong question. The right one is which operator you trust — because the gap between the careful ones and the careless ones is enormous, and the careless ones have already leaked tens of millions of the most intimate messages their users ever typed.

7 min read

TL;DR — Key takeaways

  • An AI girlfriend app holds a worse combination of data than almost anything else on your phone: your most explicit conversations plus, often, your uploaded face. A breach here isn't a leaked password — it's a leaked confession.
  • This isn't hypothetical. Muah.ai lost ~1.9M records in 2024; a 2025 exposure at two companion apps spilled ~43M messages and ~600k images; and security firm Oversecured found critical flaws in more than half of the apps it tested.
  • Mozilla reviewed the category in 2024 and gave a privacy warning label to every romantic AI chatbot it looked at — none, at the time, cleared the bar.
  • The FTC opened a formal inquiry in September 2025, ordering seven companies to explain how they handle this data. It's a study, not yet a rule — but it's the clearest signal yet that the free-for-all is ending.
  • You can use one far more safely than most people do: burner email, no real face, no legal name, and a two-minute check of the deletion policy before you get comfortable. The careful-vs-careless gap is mostly under your control.
Verdict: Not a category to fear, but not one to trust blindly either. Treat every AI companion as a service that will eventually be breached, and share accordingly.

"Are AI girlfriends safe?" gets asked as if the answer is one word. It isn't. The technology is not the risk; the operator is. And in the last two years the operators have handed us an unusually clear evidence trail — real breaches, real record counts, a category-wide audit, and now a federal regulator asking pointed questions.

So instead of reassuring or scaring you, here's the actual record: what these apps collect, what has already leaked, what the FTC's move means, and the short checklist that separates a careful user from a headline. For the adoption side of this story — why one in five men has already tried one — see our data comparison of AI girlfriends versus dating apps.

Why a breach here is worse than a password leak

Start with what actually lives inside these apps, because it's the whole reason this matters more than a typical data spill.

An AI companion is engineered to earn disclosure. It never judges, never gets bored, never leaves you on read — so people tell it things they've told no human: sexual fantasies, affairs, gender and identity questions, and, in the platforms' own research, sometimes suicidal thoughts. On top of the text, many apps invite you to upload a photo of your face to "see yourself" with your companion, or to generate images. The result is a single database that pairs your most intimate confessions with an identifier that points back to you.

That combination is what makes the risk category-specific. A leaked password is an inconvenience you fix in five minutes. A leaked archive of your explicit chats — tied to an email, a device ID, or a face — is not something you can rotate. It's the raw material for sextortion and blackmail, and unlike a credit card, you can't cancel it. In an Institute for Family Studies / YouGov survey of 2,000 adults, roughly 19% said they'd chatted with a romantic AI — about 31% of young men and 23% of young women[6] — so this isn't a fringe exposure. It's a mainstream data class that the industry is still learning to secure.

The incidents, on a timeline

None of the following is speculation. Each is a documented event with a named source.

2024 — Mozilla grades the whole category and it fails. In its Privacy Not Included review of romantic AI chatbots, the Mozilla Foundation reviewed 11 apps and slapped a privacy warning label on every single one[1]. The recurring problems: vague or missing policies on what happens to your chats, little or no ability to opt out of having your intimate messages used to train the models, and unclear data-sharing. This was not a story about one bad app. It was the category's baseline.

October 2024 — Muah.ai is breached. The NSFW companion app Muah.ai suffered a breach that exposed roughly 1.9 million records, documented via Have I Been Pwned, tying user emails to the explicit prompts they'd entered[2]. It was the first mass-scale confirmation that the intimate-chat archive is a real, exfiltratable asset — not a theoretical one.

2025-26 — security researchers find the doors were never locked. Two findings landed close together. First, the security firm Oversecured audited 17 popular AI companion apps and reported critical flaws in more than half of them — 14 critical vulnerabilities in total, including hard-coded cloud credentials shipped inside a public app package, with several flaws allowing direct access to chat history[4]. Then Cybernews discovered that two apps, Chattee Chat and GiMe Chat, had left a server wide open to the public internet — no authentication at all — streaming real-time conversations and media. The exposure covered around 43 million messages and more than 600,000 images and videos from roughly 400,000 users[3]. The data included device identifiers, and researchers noted the archive was reachable by anyone who found the server on a public device-search engine.

Read those three together and the pattern is unmistakable: the category was graded unsafe in 2024, proven leakable weeks later, and then shown — twice — to have been leaving the vault door open the whole time.

What the FTC's move actually means

In September 2025, the Federal Trade Commission opened a formal inquiry into consumer AI companion chatbots, issuing 6(b) orders to seven companies — Alphabet (Google), Character.AI, Meta and Instagram, OpenAI, Snap, and Elon Musk's xAI[5]. Two things about this are worth getting right, because the headlines tend to blur them.

First, what a 6(b) order is. It's a market-study tool. The FTC's Section 6(b) authority lets it compel companies to hand over detailed information — here, how they test for harm, how they monetize engagement, how they develop AI characters, and, crucially, how they use and share the personal information gained through user conversations. It is not an enforcement action, a fine, or a rule. Nobody has been charged with anything.

Second, why it still matters. Regulators don't spend this authority casually. A 6(b) study is frequently the fact-finding phase that precedes rules or enforcement — the government building the record it would need to act. The stated focus is protecting children and teens, prompted by lawsuits alleging chatbots contributed to serious harms, but the data-handling questions apply to every adult user too. The honest read: the unregulated era is ending, slowly. For now the inquiry changes nothing about how your data is protected today — it's a signal about tomorrow, not a shield you can rely on tonight.

A practical safety checklist

You cannot audit an app's server security from the outside. What you can control is how much of yourself you hand over — and that's most of the actual risk. Four rules do the heavy lifting:

  • Pick operators that are transparent about retention and deletion. Before you invest in a companion, find the answer to one question: can you delete your data, and does the policy say chats are used to train models? An app that makes this clear — and offers a real opt-out — is telling you something an app that buries it is also telling you. This is exactly the axis we weigh in our review of which AI girlfriend apps handle privacy better and worse; the spread between the top and the bottom is wide.
  • Never upload your identifying face. The single highest-value item in every breach above is the link between intimate content and a real person. Don't provide it. If you want a visual companion, use the app's generated characters, not a photo of yourself, a partner, or anyone you know.
  • Use a unique, unlinked email — and no real name. A dedicated burner address means a leaked record can't be cross-referenced to your primary accounts, and keeping your legal name out of chats removes the identifier that turns an embarrassing leak into a targeted one. Assume anything you type could one day be public, and write accordingly.
  • Check the deletion policy before you get attached, not after. Deleting the app does not delete the server-side archive. Find the account-deletion path on day one; if you can't find one, treat that as the answer. The goal throughout is simple: share the minimum, so that if the operator is breached, there's less of you in it.

The honest verdict

Are AI girlfriends safe? As a category, no — not in the way you'd want the word to mean. The evidence is a warning label on every app Mozilla reviewed, a multi-million-record breach, a 43-million-message exposure, and a federal regulator that felt the need to start asking questions.

But "the category is unsafe" is not the same as "don't use one." The truer statement is that the gap between the careful operators and the careless ones is enormous, and most users can't tell them apart from the landing page. A disciplined user on a transparent app — burner email, no real face, a deletion policy they actually read — is exposed to a fraction of the risk of a careless user on the cheapest app in the store. The technology isn't the danger. The combination of an indifferent operator and an over-sharing user is.

So use one the way you'd use any service holding your secrets: assume it will eventually leak, and make sure that when it does, there isn't much of the real you inside. If you want to see how the specific apps stack up on exactly this axis, that's the whole point of our ranked review of AI girlfriend apps — and if you're still deciding whether an AI companion is even the right tool versus a dating app, we put the two side by side on cost and time.

Sources

Every numbered claim in this review links back to a source below.

  1. Mozilla Foundation — *Privacy Not Included* (2024): every romantic AI chatbot reviewed earned a privacy warning label; most offered no opt-out from training on intimate chats· accessed Jul 2, 2026
  2. Have I Been Pwned — Muah.AI data breach (Oct 2024): ~1.9M records of emails tied to explicit prompts exposed· accessed Jul 2, 2026
  3. Cybernews — Chattee Chat / GiMe Chat exposure (2025): an unsecured server spilled ~43M messages and 600k+ images/videos from ~400k users· accessed Jul 2, 2026
  4. Oversecured / Cybernews — security audit of 17 AI companion apps: 14 critical vulnerabilities, critical flaws in more than half, including hard-coded credentials and chat-history access· accessed Jul 2, 2026
  5. Federal Trade Commission — 'FTC Launches Inquiry into AI Chatbots Acting as Companions' (Sept 2025): 6(b) orders to seven companies on safety and data-handling practices· accessed Jul 2, 2026
  6. Institute for Family Studies / YouGov — survey (n=2,000) on romantic AI companion adoption among US adults· accessed Jul 2, 2026
Are AI girlfriend apps safe?
As a category, not by default. Mozilla gave a privacy warning label to every romantic AI chatbot it reviewed in 2024, and there have been real breaches since — including a ~1.9M-record leak at Muah.ai and a 2025 exposure of ~43M messages and 600k+ images across two companion apps. But safety varies enormously by operator and by how you use it. A transparent app used with a burner email, no real face and a checked deletion policy is far safer than the cheapest app used carelessly. The technology isn't the risk; the operator and your own oversharing are.
Can AI girlfriend chats leak?
Yes, and they already have. In 2025 security researchers at Cybernews found that Chattee Chat and GiMe Chat had left a server open to the public internet with no authentication, exposing around 43 million real-time messages and over 600,000 images and videos. Separately, Muah.ai was breached in 2024 (~1.9M records), and the firm Oversecured found critical vulnerabilities — including direct chat-history access — in more than half of 17 apps it tested. Deleting the app does not delete the copy stored on the company's servers, so assume anything you type could one day be exposed.
Does the FTC regulate AI companions?
Not yet — but it has started looking. In September 2025 the FTC issued 6(b) orders to seven companies (including Alphabet, Character.AI, Meta, OpenAI, Snap and xAI) demanding details on how they test for harm and how they use and share the personal data from user conversations. A 6(b) order is a market-study tool, not an enforcement action or a rule, so nothing is banned or fined today. It's widely read as the fact-finding phase that can precede regulation, so treat it as a signal that oversight is coming, not protection you have now.
How do I use an AI girlfriend app privately?
Four rules cover most of the risk. Use a unique burner email that isn't linked to your main accounts and keep your legal name out of the chats. Never upload a photo of your real face — use the app's generated characters instead — because the intimate-content-plus-real-identity pairing is exactly what makes a breach dangerous. Before you get attached, confirm the app has an account-deletion path and check whether your chats are used to train the model, ideally with an opt-out. The principle throughout: share the minimum, so that if the operator is breached, there's less of the real you inside.

Our receipts

Sources, test data, and disclosures that informed this review.

  • Test methodology
    This is a privacy and safety explainer, not a hands-on 'I dated nine bots' diary. We built the incident timeline from primary and near-primary sources only: the breach itself (Have I Been Pwned's Muah.AI record), the security researchers who found the flaws (Cybernews on the Chattee Chat / GiMe Chat exposure; Oversecured's audit of 17 apps), the advocacy review that graded the category (Mozilla's Privacy Not Included), the regulator's own filing (the FTC's September 2025 6(b) orders), and one survey for adoption context (Institute for Family Studies / YouGov, n=2,000). We took no affiliate money on this piece and name no 'safest app' — the honest finding is that safety here is an operator-by-operator question, not a category verdict.
  • Pricing verification
    Every figure in the timeline was checked against its originating source, not a secondhand roundup: the ~1.9M-record Muah.AI breach against Have I Been Pwned; the ~43M messages and ~600k images against Cybernews' disclosure of the Chattee Chat / GiMe Chat Kafka exposure; the 17-app / 14-critical-vulnerability figures against Oversecured's research; the seven named companies against the FTC's own press release and order. Where a number varied between outlets we used the researcher's or regulator's own count. Verified 2026-07-02.
  • Reviewer disclosures
    No affiliate cards and no CTAs appear on this page by design — an informational safety piece shouldn't be monetized against the fear it describes. The only outbound links are internal, to our independent editorial. Where we mention that some operators handle privacy better than others, that ranking lives in a separate review and is ordered on product quality, never payout.
  • Update log (1)

    Revision dates — this review is kept current as products and pricing change.

    • Jul 2, 2026

How did this article land?

Found something wrong? Let us know. Saved articles live at /saved/.