If you use an AI girlfriend or companion app, you have probably shared things with it you would not say out loud to another person, insecurities, relationship problems, personal fears, maybe even photos. In 2026, security researchers confirmed that this is exactly the data getting exposed. A study of 17 popular AI companion apps found critical vulnerabilities in nearly all of them, and two have already leaked millions of private messages and photos in confirmed incidents.
Here is what happened and what to check right now. If your photos may have surfaced somewhere you did not put them, Social Catfish’s reverse image search shows you where your images appear online before anyone else finds them first.
What AI Girlfriend Apps Actually Do With Your Data

Understanding the risk starts with understanding what these apps collect and how they use it.
What they collect:
- Every message you send and receive, stored on the app’s servers
- Photos you upload, including profile photos and any images you share in conversation
- Voice recordings if the app has voice features
- Device identifiers, IP address, and in many cases location data
- Behavioral data including how long you use the app, what topics you engage with most, and your response patterns
How they use it:
Most AI companion apps use your conversation data to train and improve their underlying models. This is disclosed in their privacy policies, but rarely prominently. Your messages are not just stored; they actively improve the product. Some apps share data with third-party analytics providers and advertising partners. A small number offer genuine opt-out options. Most do not.
The regulatory gap that matters:
AI companion apps are not classified as healthcare products, mental health services, or regulated communications platforms. This means the stricter data protection requirements that apply to therapy apps, telehealth services, and medical records do not apply here, despite the fact that people share information with these apps that is comparable in sensitivity to what they might share with a therapist. This gap is not visible from inside the app.
What Security Researchers Found in 2026
In 2026, cybersecurity firm Oversecured analyzed 17 AI companion apps available on the Google Play Store with a combined 150 million downloads. The findings covered the category broadly rather than isolating one poorly built app.
Key findings:
- 14 critical vulnerabilities and 311 high-risk security flaws across the 17 apps
- In 10 of the 17 apps, the flaws created a direct path for attackers to access users’ private conversation histories
- One app with over 10 million downloads had hardcoded cloud credentials in its publicly accessible code, including an active OpenAI API token and a Google Cloud private key — meaning anyone who examined the app’s code could access its cloud infrastructure
These findings indicate that weak security practices are widespread across the category, not limited to fringe apps.
Confirmed Data Breaches That Have Already Happened
These are real incidents with confirmed dates and documented scope.
October 2025 — Chattee Chat and GiMe Chat:
These two AI companion apps leaked 43 million intimate messages and 600,000 photos from over 400,000 users. The exposed content included private conversations users had with their AI companions, material shared specifically because users believed it was private.
February 2026 — unnamed AI chat app:
A database misconfiguration exposed 300 million messages from 25 million users. This was not a sophisticated cyberattack. It was an unsecured database left accessible without proper access controls, a basic operational failure at scale.
Both incidents affected ordinary users who had done nothing wrong. They used the apps as designed and trusted the implicit promise of privacy.
Why Leaked Data From These Apps Is More Dangerous Than Most Breaches
Most data breaches expose usernames, email addresses, or hashed passwords. The data exposed in AI companion app breaches is different in kind.
The sextortion risk:
Photos shared with AI apps, including profile photos, casual selfies, and in some cases explicit content, can be fed into deepfake generation tools to create convincing fake explicit content. That fabricated material is then used as leverage in sextortion: the victim is threatened with distribution to their contacts, family, or employer unless they pay. The victim’s own photos, shared in what they believed was a private space, become the raw material.
Targeted fraud and social engineering:
Personal details shared in AI companion conversations, such as financial stress, location, relationship problems, health concerns, and insecurities, represent a detailed psychological profile. Scammers with access to this kind of data can craft highly targeted approaches that generic fraud cannot replicate. They know what the person is worried about, what they want, and what pressures they are under.
Identity verification risk:
Some users share personally identifying information with their AI companion in the context of conversation, their real name, workplace, neighborhood, or daily routine. This information, combined with photos, creates the foundation for identity fraud or physical safety risks in ways that most other breach categories do not.
How to Evaluate an AI Companion App Before You Use It
These are the specific things worth checking before you decide how much to share with any app in this category.
Check the privacy policy for these specifics:
- How long are your messages and photos retained after you stop using the app?
- Is your conversation data used to train the model?
- Is your data shared with third parties, and under what conditions?
- Can you request deletion of your data, and what is the actual timeline?
Check the permissions the app requests:
A text-based conversation app should not need access to your contact list, precise location, or full camera roll. Each unnecessary permission represents an additional data surface that has no benefit to you as a user.
Search for reported incidents:
Search the app name alongside terms like data breach, privacy, leaked, or security vulnerability before sharing anything personal. Chattee Chat and GiMe Chat are confirmed examples. A few minutes of searching before downloading is worth the time.
Look for account deletion, not just deactivation:
Many apps allow you to close your account while retaining your data for model training purposes. Look specifically for whether the app offers genuine data deletion and what the process actually involves.
How to Use These Apps More Safely If You Choose To
If you use AI companion apps and want to reduce your exposure without stopping entirely, these practices meaningfully lower your risk profile.
Share less identifying information:
You do not need to share your real name, employer, neighborhood, or daily routine for these apps to be useful. Using them pseudonymously reduces the risk that a breach connects exposed data directly to your real identity.
Avoid sharing photos:
The specific risk pathway from leaked photos to deepfake sextortion is well documented. Using these apps without sharing photos removes that risk vector entirely while preserving everything that makes the conversation useful.
Use a separate email address:
Register with an email address you do not use for banking, social media, or other sensitive accounts. This limits the damage from credential exposure if the app is breached.
Review app permissions after installation:
Go to your device settings and check what permissions the app has actually been granted. Revoke any that are not necessary for its core function.
Do not reuse passwords:
Use a unique password for each AI companion app. Password reuse is how a breach at one service leads to compromise at others.
What to Do If You Think Your Data Was Exposed
Step 1: Change your password on the app and everywhere you used the same password.
Step 2: Check where your photos appear online.
Upload your photos to Social Catfish’s reverse image search. The search uses facial recognition to find where your images appear across social media, adult content platforms, and dating apps that standard search engines cannot index. Knowing where your photos have surfaced gives you the ability to file DMCA takedown requests and report unauthorized use before the content is used against you.
Step 3: Monitor for extortion attempts.
If someone contacts you claiming to have compromising content from an AI app, do not panic-pay. Payment confirms you will pay again and demands almost always escalate. Run their contact details, phone number, email, or username through Social Catfish to identify who is actually behind the contact before you decide how to respond.
Step 4: Report through the right channels.
- Report active extortion to the FBI’s Internet Crime Complaint Center at ic3.gov
- Report incidents involving minors to the National Center for Missing and Exploited Children at cybertipline.org
- Contact the app’s official support to report a suspected breach
- File with the FTC at reportfraud.ftc.gov if financial harm occurred
FAQ
The 2026 security research found critical vulnerabilities across nearly all major apps in the category, and two confirmed breaches have already exposed hundreds of millions of messages and hundreds of thousands of photos. They can be used more safely by sharing less identifying information and avoiding photo uploads. Still, the category as a whole has not demonstrated security practices appropriate for the sensitivity of what users share.
Chattee Chat and GiMe Chat are confirmed examples, leaking 43 million messages and 600,000 photos in October 2025. A separate unnamed app exposed 300 million messages from 25 million users in February 2026. Search any app you use alongside the word “breach” to check for additional incidents before sharing personal content.
This depends on the app’s data retention policy. Many apps retain your conversation data for extended periods after account closure, and some use it indefinitely for model training. Check the specific app’s privacy policy for its data deletion policy before assuming your data is removed when you leave.
Yes. Leaked photos can be used to create deepfake content for sextortion. Personal details shared in conversations provide targeted fraud operations with profile information that generic scams do not have. If someone contacts you claiming to have content from your AI app conversations, run their contact details through Social Catfish before responding to verify who you are actually dealing with.
Upload your photos to Social Catfish’s reverse image search. The facial recognition searches across platforms that standard search engines cannot index and returns every location where your images appear online, giving you the information you need to act through takedown requests before the content is used against you.
Conclusion
AI companion apps offer something genuinely useful to many people. The privacy and security issues documented in 2026 are not a reason to condemn the category; they are practical information that changes how you use it.
The specific steps that reduce your risk are straightforward: share less identifying information, avoid uploading photos, use a unique email address and password, and read the privacy policy before you decide what to share. If you are already a user and want to know whether your photos have surfaced somewhere you did not put them, Social Catfish’s reverse image search answers that question in minutes and gives you the ability to act on what you find.
The gap between what these apps feel like and what they actually protect is the risk worth understanding. Knowing about it puts you in a better position to manage it on your own terms.






