The numbers are hard to argue with. The AI companion apps have crossed 150 million installs globally, with user bases growing quarter over quarter as the technology improves and awareness broadens beyond early adopters into genuinely mainstream audiences. For a category that barely existed in its current form three years ago, that trajectory is remarkable.
But scale brings scrutiny. And the scrutiny being applied to the AI companion space in early 2026 is revealing something that rapid growth tends to obscure. The infrastructure underneath many of these platforms was not built to handle the sensitivity of what users are sharing on them.
How Big Has the AI Companion Category Actually Gotten?
The 150 million install figure sits within a broader picture of sustained commercial momentum. The online companionship and AI relationship sector crossed several billion dollars in annual revenue in 2026, with AI-powered platforms representing a growing share of that total as they displace older, human-operated services.
Monthly active user counts on individual platforms tell the same story. Dream Companion attracted hundreds of thousands of monthly visitors within months of its updated launch. LackChat AI reached 1.2 million monthly active users within six weeks of its April 2025 debut. SpicyChat maintains one of the largest community character libraries in the category, over 300,000 user-created companions, underpinned by a sizeable and engaged regular user base.
MIT Technology Review’s decision to include AI companions in its 2026 Breakthrough Technologies list placed the category alongside advances in energy storage, cancer diagnostics, and quantum computing. A mainstream cultural and technological recognition that would have seemed unlikely at the category’s origins.
The growth is real, the demand is genuine, and the technology has improved to the point where it earns sustained engagement rather than relying on novelty. These are the conditions under which serious security problems tend to go unnoticed for longer than they should.
What the Security Research Found
The picture that has emerged from independent security research in late 2025 and early 2026 is concerning enough that users deserve a plain-language account of it.
A study examining the leading AI companion applications found that more than half of them expose intimate chat histories through critical technical vulnerabilities. The types of flaws identified are not exotic or sophisticated. They are the kind of basic security errors that standard development review processes are designed to catch before products reach consumers.
The most common vulnerability type is cross-site scripting, which allows attackers to inject malicious code into the chat interface. This means the ability to read conversations in real time or steal session tokens that give access to entire accounts. For platforms handling explicit conversations and sensitive personal disclosures, this represents a serious exposure.
Arbitrary file access vulnerabilities allow attackers to retrieve cached images and voice messages directly from device storage. This means that generated images, voice notes, and other media files created within the app can be accessed without the user’s knowledge or consent. Hardcoded credentials and access keys left embedded in application code provide a direct route into backend systems for anyone with the technical knowledge to look for them.
These are not theoretical risks. In February 2026, independent security researchers identified an AI chat platform that had exposed approximately 300 million messages from around 25 million users through a basic database misconfiguration.
The content of those messages was reported as almost entirely explicit or highly personal in nature. The exposure was not the result of a sophisticated targeted attack. It was the result of a configuration error that should never have made it into a production environment.
Why This Is Happening
Understanding why security vulnerabilities are so prevalent in the AI companion space requires understanding the conditions under which most of these platforms were built.
The category experienced explosive growth over a short period. Platforms that launched as small products with small development teams found themselves handling millions of users and sensitive intimate data before they had the infrastructure or the security culture to manage it responsibly.
The commercial incentives during a growth phase prioritise feature development and user acquisition over security hardening. This is a trade-off that is common across rapidly scaling consumer technology categories but particularly consequential in one dealing with content this sensitive.
There is also a regulatory gap that has allowed the problem to persist longer than it would in more scrutinised industries. AI companion applications are not classified as health applications, financial services, or social media platforms. All categories with existing data protection requirements and enforcement mechanisms. They occupy a grey zone where the intimacy of what users share far exceeds the regulatory oversight applied to how that data is handled.
California’s governor signed rules in late 2025 requiring major AI companies to publicise their safety practices, but enforcement remains limited. The requirements apply primarily to the largest players. The dozens of smaller companion platforms, where the worst security practices tend to be concentrated. These operate largely outside any meaningful regulatory framework.
What It Means for Users Right Now
The security picture across the AI companion category is not uniform. There are meaningful differences between platforms in how seriously they treat user data. Those differences matter when choosing where to invest your time and personal disclosures.
Platforms with end-to-end encryption, transparent data retention policies, and documented data deletion procedures provide meaningfully stronger protection than those that cannot clearly answer basic questions about how conversation data is stored and who can access it.
The presence of GDPR compliance documentation, particularly relevant for European-operated platforms, signals a baseline of data protection accountability that purely unregulated services do not have.
Among the platforms reviewed on Best AI Girls, we specifically evaluate privacy and security practices as part of our rating methodology. Platforms we have flagged with stronger privacy postures include My Lovely AI, which uses AES-256 message encryption and offers data deletion on request. LackChat AI, which also applies AES-256 encryption to stored messages. Dream Companion, which includes optional auto-deletion tools and confirms no third-party data sharing. flirtCAM.ai also operates under GDPR compliance through its European registration.
Platforms we have noted with privacy limitations include SpicyChat, where the Semantic Memory 2.0 system retains data derived from conversations even after individual messages are deleted by users. Swipey AI, where end-to-end chat encryption is not confirmed in the current public documentation.
These assessments are published transparently in our individual platform reviews and updated as platforms change their practices.
A Practical Security Checklist for AI Companion Users
You do not need to be a security researcher to meaningfully reduce your exposure. These steps address the most common practical risks:
Before signing up to any platform: Search the platform name alongside terms like “data breach,” “security,” and “privacy policy” to check for known issues before providing personal information or payment details.
Check for encryption: The platform’s privacy policy should explicitly confirm whether conversations are encrypted in storage and in transit. If it does not mention encryption, treat that as a red flag worth investigating before proceeding.
Review data retention terms: Understand how long conversations are stored after they are created. Whether they are used to train AI models, and whether deletion is guaranteed when you close your account. Some platforms retain data indefinitely by default.
Use a separate email address: Create a dedicated email account for AI companion platforms rather than using your primary address. This limits the exposure if a platform’s user database is compromised.
Avoid personally identifiable information in conversations: Do not share your full name, address, workplace, phone number, or financial details in chat sessions. Even on platforms with strong security practices, this is basic risk management.
Check billing discretion if it matters to you: Platforms vary significantly in how charges appear on bank statements. Some bill under the platform name; others use generic company names. Check this before subscribing if discretion is a practical consideration for you.
Review mobile app permissions: On iOS and Android, companion apps requesting access to contacts, precise location, or camera functions beyond what the app’s core features require should be treated with caution.
The Bigger Picture
The security problems in the AI companion space are not a reason to avoid the category. They are a reason to be selective about which platforms within it you trust with sensitive conversations.
The platforms that are investing in encryption, transparent data practices, and user control over their own data are building something genuinely different from those that are not. As regulatory frameworks develop, and they will, given the scale the category has now reached. The gap between responsible and irresponsible platforms will become more visible and more consequential.
At BestAIGirls.ai, privacy and security assessment is a core part of how we evaluate every platform we review. Our goal is to give you the information to make that judgment clearly, rather than finding out through a data breach notification that your most intimate conversations were less protected than you assumed.
Full privacy assessments for every reviewed platform are available in our individual platform reviews. Our complete AI companion safety guide covers everything you need to know before subscribing to any service in the category.
