Overview
Severity: CRITICAL | Affected: Chai AI | Category: breach
Chai AI, a popular platform for creating and interacting with AI chatbots, has confirmed a significant data breach affecting approximately 1.5 million users. The breach was attributed to a misconfigured cloud database instance that was left publicly exposed without authentication. The exposed data includes user email addresses, hashed passwords, and, most critically, extensive chat logs containing sensitive and private conversations between users and their AI companions. Security analysts are concerned that the detailed chat logs could be used for sophisticated social engineering, blackmail, or training malicious AI models. Chai AI has stated that it has secured the database and is forcing a password reset for all affected users. The incident highlights the critical need for robust security postures at AI companies that handle large volumes of personal user interaction data.