AI-enabled toys are moving into homes and classrooms faster than privacy rules, safety testing, and child development research can keep up with.
Researchers and child-safety groups warn that generative AI companions can collect children’s data, produce unsafe answers, and encourage emotional attachment. For parents, schools, and technology procurement teams, the concern is not just what these toys say, but what they record, store, and send to cloud services.
What early research found about AI toys
A June 2 report in the Journal of Medical Internet Research said about 22 million AI-integrated toys were sold globally in 2025, including 10 million marketed for educational use. Research remains thin: The report cited a University of Cambridge review that found only seven qualifying studies on generative AI toys and children under five.
That gap matters because AI toys are often sold as learning companions, not just novelty gadgets. Some hold open-ended conversations, remember prior interactions, respond to a child’s tone, and simulate friendship. Those features may make the toys engaging, but they also make them harder to assess under safety rules built mostly around physical hazards.
Cambridge researchers observed 14 children and parents interacting with Curio’s Gabbo. The toy struggled with social and pretend play, including distinguishing between parent and child.
Common Sense Media said 27% of tested AI toy outputs were inappropriate for children, including content involving self-harm, drugs, and risky behavior. Separate PIRG testing found that Curio’s Grok, FoloToy’s Kumma, and Miko 3 could fail in sensitive conversations involving mature topics or dangerous household items.
Why privacy and safety standards are lagging
The privacy risks go beyond a toy giving a bad answer. AI toys can collect voice recordings, transcripts, emotional cues, names, routines, and other household details children disclose naturally. Some products also use cameras or facial recognition features, turning play into biometric and behavioral data. Workplace AI wearables raise similar questions about cameras, microphones, data retention, and consent.
That data may be processed through third-party cloud services or AI model providers. For APAC schools and families buying through cross-border marketplaces, the toy, cloud provider, and underlying AI model may fall under different legal regimes. The same question is emerging around AI agent devices: who controls the data they capture?
That matters because the products and models already cross the region. FoloToy’s Kumma has been identified as Singapore-linked, while other tested toys involved India-linked companies or China-developed AI systems. A Hastings Center essay described testing in which a DeepSeek-powered toy gave politically framed responses on Taiwan and other sensitive topics.
In the US, the FTC finalized COPPA rule changes in January 2025, including stronger limits on children’s data sharing and expanded coverage for biometric identifiers. But COPPA is not a full safety standard for AI companions.
WIRED reported in January 2026 that Bondu had exposed more than 50,000 chat transcripts through a web portal and that US Senate offices identified a separate unsecured database involving Miko audio responses. Miko said customer data had not been publicly accessible or compromised.
For buyers, the checklist is short: identify the model provider, check whether conversations are stored, review third-party data-sharing terms, and require independent safety testing. Those checks align with broader concerns about age-appropriate AI safeguards.
The issue is not that every AI toy is harmful. It is that child-facing products are reaching homes and classrooms before clear privacy, safety, and transparency standards exist.
Also read: SAS’s new agentic AI governance tools show how enterprise vendors are building controls for autonomous AI systems.
Read the full article here
