A maker of artificial intelligence powered children’s toys is facing scrutiny from U.S. lawmakers after an unsecured database exposed thousands of snippets from conversations between its toys and young users. Sens. Marsha Blackburn and Richard Blumenthal said that their offices identified a significant data exposure involving audio responses generated by the Miko 3, raising concerns about how companies handle sensitive data collected from minors.
In letters sent Wednesday to manufacturers of AI powered children’s toys, the senators said staff members discovered that Miko had left what appeared to be all of the toy’s audio responses in a publicly accessible database. According to the letter addressed to Miko, the exposure potentially allowed anyone to download thousands, if not tens of thousands, of audio files reflecting the toy’s side of conversations with children. Many of the audio clips reportedly contained children’s names and contextual details about their interactions, enabling outsiders to follow conversations based solely on the toy’s replies. The database, reviewed by NBC News, appeared to include daily responses dating back to December 2025. Files were organized into folders labeled GOOGLE and AZURE, likely referencing cloud infrastructure providers, and subdivided by languages and dialects such as en US for American English and da DK for Danish. Within those folders, audio files were arranged by date, making it possible to trace when a child began using the toy and when the session ended through greeting and farewell messages.
In a statement, Miko CEO and founder Sneh Vaswani said there had been no breach or leak of user data. He stated that Miko does not store children’s voice recordings and that no children’s voices or personal information are publicly accessible. He added that no customer data had been compromised and that the company would provide a detailed response to the senators’ letter. According to the senators’ offices, staff identified the exposure using free publicly available tools to analyze communications sent from a Miko toy over a Wi Fi network. By examining the web server interacting with the device, they located audio files that appeared to be generated responses to children’s inputs. Although recordings of the children’s voices did not seem to be present, NBC News reported it was possible to reconstruct parts of conversations by listening to sequential replies stored in the database, including discussions about feelings, music preferences, and other personal topics.
The lawmakers said the incident raises serious questions about whether AI toy manufacturers are adequately protecting children’s privacy and data security. In their letter to Miko, Blackburn and Blumenthal asked why audio responses were not secured, what third party companies receive shared data, how information about users’ emotional states is used, and how the company ensures permanent deletion of data when requested by parents. The senators also contacted Curio and FoloToy, makers of other AI enabled toys, seeking details about their privacy safeguards and parental control mechanisms. A spokesperson for Curio said the company takes policymakers’ concerns seriously and is engaging with the senators, emphasizing parental permission, transparency, and compliance with applicable laws. Privacy advocates also weighed in, warning that failing to secure children’s interactions with AI systems reflects disregard for both security and trust. The senators’ offices notified Miko of the exposure on Wednesday, and by late afternoon the database was no longer publicly accessible, but the episode has intensified debate over how AI driven products designed for children are monitored and regulated.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
