Vyro AI Data Breach Exposes User Prompts & Authentication Tokens
Researchers from Cybernews have reported a major data breach involving Vyro AI, a company renowned for its popular generative applications on Android and iOS. An unsecured Elasticsearch server belonging to the developer had been publicly exposing, in real time, a 116 GB collection of logs aggregated from three of its services: ImagineArt, with more than 10 million installs on Google Play; Chatly, with hundreds of thousands of downloads; and the web-based chatbot Chatbotx, which receives around 50,000 monthly visitors.
Headquartered in Pakistan, Vyro AI claims its applications have been downloaded more than 150 million times, generating approximately 3.5 million images per week. According to the researchers, the exposed server contained logs from both production and testing environments, covering data from the past two to seven days. Alarmingly, the database had been indexed by IoT search engines as early as February, potentially granting malicious actors months of unrestricted access.
The leak included user prompts to the AI, Bearer authentication tokens, and detailed information about devices and browsers in use. Such data could enable threat actors to monitor user activity, hijack accounts, and extract sensitive information from private chats. The situation is particularly concerning for ImagineArt, which counts over 30 million active users. Compromised tokens could allow attackers to seize full control of accounts, access chat histories and generated images, and even exploit paid features at the expense of legitimate owners.
An additional danger stems from the exposure of user queries themselves. Interactions with generative AI frequently involve personal or confidential details that individuals would never disclose publicly. The leakage of such content into hostile hands carries the risk of severe reputational and financial consequences.
The timeline of disclosure unfolded gradually: the issue was first identified on April 22, 2025, reported to Vyro AI on July 22, and escalated to the national CERT on July 28.
This case underscores how, in the race to secure a foothold in the rapidly expanding AI market, developers sometimes neglect fundamental safeguards. Meanwhile, users are increasingly entrusting generative AI systems with their ideas, documents, and even confidential information. Incidents like this highlight that security must not be optional—it must be a prerequisite.
Similar lapses have affected major players as well. In August, for instance, conversations with ChatGPT and Grok briefly became searchable on Google due to an insecure link-sharing feature, which later had to be removed. Cybernews researchers also recently demonstrated that the Expedia chatbot could be manipulated to generate instructions for creating incendiary devices, vividly illustrating the risks of unprepared releases. Even OpenAI’s latest GPT-5 model was not immune—researchers managed to bypass its safeguards within just 24 hours of launch.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
