Millions could be exposed as AI chatbots spill data

A server belonging to one of the big names in generative AI just spilled sensitive user data, including private prompts and authentication tokens, potentially exposing millions of people.

An unsecured server belonging to the creator of ImagineArt, Chatly, and Chatbotx AI apps exposed 116GB of live logs.
Leaked data included prompts, bearer tokens, and user agents.ogs, including prompts.
The leak scale is significant: with over 10 million installs for ImagineArt alone and 150 million total downloads, leaked tokens could enable account takeovers, access to chat histories, generated images, and fraudulent AI credit purchases.
The leak underscores the growing security gap in the booming AI sector.

Cybernews researchers discovered an unprotected Elasticsearch instance linked to Vyro AI, the company behind some of the most downloaded generative AI tools on Android and iOS.

The open server was leaking 116GB of user logs in real time from the company’s three apps: ImagineArt (10M+ downloads on Google Play), Chatly (100K+ downloads), and Chatbotx, a web-based chatbot with around 50K monthly visits.

The Pakistan-based company claims to have more than 150 million app downloads across its portfolio and says its products pump out 3.5 million images every week.

The leak covered both production and development environments and stored about 2–7 days' worth of logs. Researchers say the database was first indexed by IoT search engines in mid-February, meaning it could have been visible to attackers for months.

vyro ai data leak — Elasticsearch indices.

What data did Vyro AI leak?

AI prompts that users typed into the apps
Bearer authentication tokens
User agents

“This leak is significant as it would have allowed for monitoring user behaviour, extracting sensitive information that users shared with AI models, and would have allowed for the hijacking of user accounts,” Cybernews researchers explained.

The size of ImagineArt alone makes the incident alarming. With more than 10M Android installs and claims of 30M+ active users overall, the exposed tokens are a treasure trove for account hijackers. Attackers could easily exploit leaked data to lock users out of their accounts and take them over.

“Takeovers may result in access to full chat history, access to generated images, or could be abused to illegitimately purchase AI tokens, which could later be used for malicious purposes,” added the research team.

Leaking prompts provided by the user to the AI is also troublesome. Conversations with AI often contain intimate or private information, so leaking prompts could reveal things people would never post publicly.

AI security is still not the first priority

The leak underscores the growing security gap in the booming AI sector. As AI startups rush to grab market share, they sometimes cut corners on security. But as more people feed their thoughts, ideas, and even confidential data into generative AI systems, the stakes keep rising.

In August, users were shocked when their conversations with ChatGPT and Grok were leaked on Google search. The leaks were caused by an insecure feature that allowed users to share conversations. When they created share links, the content became crawlable by search engines. OpenAI has since removed the feature.

Recently, Cybernews research revealed that an AI chatbot launched by travel giant Expedia could, with the right prompts, show users how to make Molotov cocktails. The situation exposed how customer-support chatbots released without the appropriate guardrails can expose companies to legal, financial, and reputational risk.

While AI chatbots are often pre-programmed to avoid sensitive or harmful topics, the lack of reliable safety measures may result in AI models going rogue.

The lack of guardrails affects even AI giants like OpenAI, which also struggles with effective guardrails. After the company launched its latest model, GPT-5, several security teams jailbroke the chatbot in less than 24 hours.