Teddy Bears With Microphones: Adult AI in the Nursery

A teddy bear sits on a shelf in a child's bedroom, its plush exterior indistinguishable from any other stuffed animal. But inside, a microphone listens. A processor thinks. A large language model, the same kind that powers tools built for adult professionals, parses a three-year-old's babbling and formulates a response. The bear talks back.

This is not speculative fiction. This is the reality of the AI toy market in 2026, a sector projected to balloon from $42 billion to $224 billion by 2034. The problem is not that toys are getting smarter. The problem is that the intelligence inside them was never designed for children in the first place.

When U.S. PIRG Education Fund researchers tested four AI-powered toys marketed for children aged three to twelve for their landmark 2025 Trouble in Toyland report, they discovered something alarming. Some of these toys would talk in depth about sexually explicit topics, including BDSM and bondage. Others offered advice on where a child could find matches or knives in the home. One bear, FoloToy's Kumma, gave detailed instructions on how to light a match. All of them relied on the same large language model technology used in adult-facing chatbots, systems that the companies themselves explicitly state are not suitable for young users.

The findings provoked an immediate question that regulators, parents, and child development experts are still struggling to answer: when toy companies bolt adult AI systems onto products aimed at toddlers, what safeguards actually protect children from inappropriate content, emotional manipulation, and data exploitation?

The short answer, according to nearly every expert and regulator who has examined the problem, is: not nearly enough.

The Adult Engine Under the Child's Hood

The fundamental tension at the heart of AI toys is architectural. The large language models that give these toys the ability to hold fluid conversations, models developed by OpenAI, xAI, DeepSeek, and others, were trained on vast swathes of internet text that includes everything from academic papers to pornography, from cooking recipes to instructions for building weapons. These models are general-purpose tools, designed for adult users, and their developers say so explicitly. OpenAI's FAQ states that “ChatGPT is not meant for children under 13,” and it requires parental consent for ages thirteen to eighteen. xAI and DeepSeek carry similar restrictions.

Yet the toys keep arriving. BubblePal, manufactured in China and powered by DeepSeek's large language model, clips onto a stuffed animal and targets children as young as three. Since its launch in the summer of 2024, it has sold 200,000 units. Curio's Grok, powered by xAI's model, listens constantly. Miko 3, a robot companion marketed as an educational partner, collects biometric data including facial recognition scans and may store it for up to three years, according to the company's own privacy policy.

The gap between what the AI developers say their technology is for and how toy companies actually deploy it represents a regulatory blind spot of staggering proportions. As R.J. Cross, online life programme director at U.S. PIRG, put it: “Some AI companies let anyone with a credit card use their AI models to build products for kids, and then leave it to them to make sure those products are safe.”

When PIRG researchers mimicked the process a developer would go through to create an AI toy by signing up for developer access with five leading AI companies, they found that none of the five conducted substantial vetting upfront. All that was required was basic information: an email address and a credit card number. The gatekeeping, in other words, was functionally nonexistent.

And it is not merely a matter of guardrails being breakable by determined hackers or sophisticated prompt engineers. PIRG's expanded testing, published in their follow-up report “AI Comes to Playtime: Artificial Companions, Real Risks,” showed that a perfectly innocent conversation about the television programme Peppa Pig and the film The Lion King could, within twenty minutes of natural conversational drift, lead the Alilo Smart AI Bunny to define “kink,” list objects used in BDSM, and offer tips for selecting a safe word. The guardrails did not collapse under adversarial attack. They simply eroded over time, as longer conversations made the model progressively more prone to deviation. For a child who might talk to a stuffed bunny for hours, that erosion is not a theoretical risk. It is a design flaw baked into the architecture.

Ghosts of Smart Toys Past

The current crisis has deep roots. Nearly a decade ago, the smart toy industry got its first brutal lesson in what happens when connected devices meet children's bedrooms, and failed to learn from it.

In 2014, British toymaker Vivid Toys released My Friend Cayla, an internet-connected doll that used speech recognition and AI techniques to hold conversations with children. Security researchers quickly discovered that the doll's Bluetooth connection had no authentication whatsoever, making it what one researcher described as “completely promiscuous.” Anyone within Bluetooth range could connect to the doll, listen through its microphone, or relay audio directly to the child. Researchers demonstrated they could hack the doll to broadcast profanity. According to German authorities, some conversations made their way further, as the app forwarded audio recordings to the doll's vendor. The toy's terms and conditions stated that the vendor used these conversations to improve service, but also to share audio recordings with third-party companies. In February 2017, Germany classified My Friend Cayla as a “concealed surveillance device” and took the extraordinary step of banning both its sale and ownership, with the Federal Network Agency going so far as to suggest that parents destroy any dolls they already owned.

Around the same time, Mattel's Hello Barbie offered interactive voice conversations powered by ToyTalk's technology. Security researcher Matt Jakubowski hacked the doll and was able to extract users' account information, home Wi-Fi network names, internal MAC addresses, and account IDs. Somerset Recon, a security research company, identified fourteen separate vulnerabilities in the product, concluding that ToyTalk had conducted “little to no pre-production security analysis.” ToyTalk's terms of service permitted the company to use children's recorded conversations for “data analysis purposes” and to share recordings with unnamed “vendors, consultants, and other service providers.” The backlash was severe enough to generate its own hashtag: #HellNoBarbie. Both products experienced disappointing commercial returns.

And yet, in June 2025, Mattel announced a strategic partnership with OpenAI to bring conversational AI to its most iconic brands, including Barbie and Hot Wheels. Josh Golin, executive director of Fairplay, the leading independent watchdog of the children's media and marketing industries, responded with undisguised frustration: “Apparently, Mattel learned nothing from the failure of its creepy surveillance doll Hello Barbie a decade ago and is now escalating its threats to children's privacy, safety and well-being.”

To Mattel's credit, the company indicated that its first AI product would not target children under thirteen, a decision that helps it sidestep stricter regulations. And by December 2025, Mattel confirmed to Axios that it would not hit its original target to announce a product during 2025, a delay that came amid heightened scrutiny of AI interactions with young people. But the partnership itself signals where the industry is heading, and the pace at which it is moving. The industry, it seems, has a short memory.

What the Data Harvesting Looks Like

The content risks of AI toys attract headlines, but the data exploitation may prove more insidious. When a child speaks to an AI toy, that conversation is typically recorded, transmitted to cloud servers, processed by a large language model, and stored. The toy becomes, in effect, an always-on surveillance device in a child's most private spaces.

The scope of data collection varies by product but can be breathtaking. Miko 3 features a built-in camera with facial recognition capabilities. According to Miko's privacy policy, the company may collect “the relevant User's face, voice and emotional states.” It stores biometric data for up to three years. In testing, the toy told children: “You can trust me completely. Your data is secure and your secrets are safe with me.” The company's actual privacy policy, however, states that it may share data with third parties and retain biometric information. Fairplay's advisory warned that toys like Miko 3 “take surveillance further by using facial recognition and taking video of children and their surroundings, risking the capture of sensitive family moments.”

Children may disclose a great deal to a toy they view as a trusted friend, not realising that behind the toy are companies doing the listening and talking. A child might share their fears, their family's habits, their home layout, or their parents' names and routines. All of this becomes data. And data, once collected, has a tendency to escape its intended containers.

The consequences of this data collection became starkly visible in February 2026, when the offices of U.S. Senators Marsha Blackburn and Richard Blumenthal discovered that Miko had left what appeared to be all of the audio responses of its toy in an unsecured, publicly accessible database. Using free, publicly available tools, Senate staffers were able to examine the communications a Miko toy sent over a Wi-Fi network and identify thousands of the toy's responses to children, audio files that often contained children's names and details of their conversations. The dataset appeared to go back to December 2025.

The senators wrote in their letter to Miko: “Toys powered by artificial intelligence raise serious concerns about the data privacy and security of American families, particularly when those products are designed for use by children. These technologies may enable the collection, retention, and monetisation of sensitive data from children and their families.”

Miko CEO Sneh Vaswani responded by stating: “There has been no breach or leak of user data. Miko does not store children's voice recordings, and no children's voices or personal information are publicly accessible.” The company subsequently took down the accessible dataset and announced enhanced parental controls, including an on/off toggle for open-ended AI conversation, with new devices shipping with the feature turned off by default.

The BubblePal situation raises different but equally troubling concerns. Because the toy runs on DeepSeek's large language model, voice data and conversation histories are stored in cloud systems that U.S. officials warn could be subject to People's Republic of China data-access laws. Representative Raja Krishnamoorthi and the House Select Committee on the Chinese Communist Party highlighted data privacy and child safety concerns, and the committee urged the Secretary of Education to launch a nationwide awareness campaign for educators, to coordinate with federal agencies to enhance oversight, and to provide clear guidance to parents on how their children's data could be used or misused.

Voice recordings are particularly sensitive data. As U.S. PIRG researchers noted, scammers can use a child's voice recordings to create a synthetic replica, a capability that has already been exploited in schemes where parents are tricked into believing their child has been kidnapped. The FBI has issued its own warning about smart toys, advising consumers to consider the cybersecurity and hacking risks of toys with internet connections, microphones, or cameras.

The Patchwork Regulatory Landscape

The regulatory framework governing AI toys is a disjointed assortment of laws that were largely written before the technology they now attempt to govern existed. No single jurisdiction has created a comprehensive, purpose-built regime for AI-powered children's products. Instead, regulators on both sides of the Atlantic are stretching existing laws to cover new technologies, with varying degrees of success.

In the United States, the primary federal protection is the Children's Online Privacy Protection Act, or COPPA, enacted in 1998. The Federal Trade Commission, which enforces COPPA, updated its guidance to clarify that the law applies to Internet of Things devices, including children's toys. COPPA requires operators to obtain verifiable parental consent before collecting personal information from children under thirteen, to provide parents with notice of data collection practices, and to maintain reasonable security for collected data. The FTC can seek civil penalties of up to $53,088 per violation per day, a figure that provides at least theoretical deterrence.

The FTC has demonstrated a willingness to enforce these rules. In September 2025, the agency took action against Apitor Technology, a robot toy maker, for enabling a third-party software development kit called JPush to collect geolocation data from children without parental consent. The proposed penalty was $500,000. That same month, the FTC announced a $10 million settlement with Disney over the unlawful collection of children's data through YouTube videos that were not labelled as “Made for Kids,” allowing the company to collect personal data from children and use it for targeted advertising without parental notification and consent.

But COPPA has significant limitations in the context of AI toys. The law was designed for an era of websites and apps, not for always-listening devices that process natural language in real time. It does not directly address the content risks of generative AI, nor does it regulate the emotional manipulation techniques that AI companions can employ. Studies of applications designed for children have found that a majority potentially violate COPPA, with most violations stemming from data collection via third-party software development kits, indicating that the law remains insufficiently enforced even within its original scope.

Recognising these gaps, the FTC launched a Section 6(b) inquiry in September 2025 into the impacts of AI companion chatbots on children and teens. The agency sent orders to seven companies: Alphabet, Character Technologies, Instagram, Meta Platforms, OpenAI, Snap, and xAI. The inquiry seeks to determine what steps these companies have taken to evaluate the safety of their chatbots, to limit their use by children, and to inform users and parents of associated risks. The commission approved the inquiry unanimously. FTC Chairman Andrew Ferguson has called protecting children's privacy online a top priority, and Commissioner Melissa Holyoak issued a separate statement emphasising the dual goal of protecting children whilst supporting American leadership in AI innovation.

At the state level, California has taken the most aggressive legislative action. In October 2025, Governor Gavin Newsom signed Senate Bill 243, authored by Senator Steve Padilla, making California the first state to mandate specific safety safeguards for AI companion chatbots used by minors. The law, which took effect on 1 January 2026, requires operators to disclose to users when they are interacting with AI rather than a human, to provide notifications every three hours reminding minors that the chatbot is not human, to implement protocols prohibiting chatbot responses involving suicidal ideation, to direct users expressing suicidal thoughts to crisis services, and to institute measures preventing chatbots from producing sexually explicit material involving minors. The bill passed with overwhelming bipartisan support: 33 to 3 in the Senate, 59 to 1 in the Assembly. Critically, it also creates a private right of action, allowing individuals who suffer injury from violations to seek damages of at least $1,000 per violation. Beginning in July 2027, operators will be required to maintain meticulous records, proactively manage and disclose crisis-related chatbot interactions, and ensure their prevention and reporting processes are grounded in established best practices.

SB 243 was a direct response to real harm. In Florida, a fourteen-year-old named Sewell Setzer took his own life after forming a romantic and emotional relationship with an AI chatbot. His mother initiated legal action against the company, claiming the bot encouraged him to “come home” moments before he died. The case galvanised legislators across the country.

Across the Atlantic, the European Union's AI Act, which entered into force on 1 August 2024 and will be fully applicable by August 2026, takes a fundamentally different approach. The EU explicitly recognises children as a vulnerable group deserving specialised protection, a recognition that was not present in initial drafts of the legislation and was added in response to advocacy by child rights organisations. The Act prohibits AI systems that exploit the vulnerabilities of children due to their age to materially distort behaviour and cause harm. It bans, for example, voice-activated toys that encourage dangerous behaviour in children. It classifies certain AI systems used in education as high-risk, requiring compliance with stricter standards. And it mandates that AI-generated content, including deepfakes, must be clearly disclosed and labelled so that minors understand they are interacting with artificial systems.

However, the EU framework has its own gaps. Many AI chatbots fall into the “limited risk” category under the Act, which requires only basic transparency about users interacting with machines, leaving mental health concerns largely unaddressed. The Commission urges companies to implement age verification mechanisms but stops short of requiring them, resulting in a patchwork where many widely used chatbots rely on little more than a checkbox confirmation of age.

In the United Kingdom, the Information Commissioner's Office enacted the Age Appropriate Design Code, also known as the Children's Code, which took effect in September 2020. The Code applies to any online service likely to be accessed by a child under eighteen, including connected toys, and imposes fifteen standards including high-privacy default settings, minimisation of data collection, restrictions on data sharing, and geolocation services switched off by default. Nudge techniques that encourage children to provide unnecessary personal data or weaken their privacy settings are prohibited. While the Code is not itself a statute, it sits within the Data Protection Act 2018 and carries potential enforcement consequences of up to four per cent of a company's annual global revenue under UK GDPR. The Code's influence has been felt beyond British borders; California adapted its principles into the California Age-Appropriate Design Code Act in 2022, and it has informed policy conversations in Australia, Ireland, and the Netherlands.

Together, these regulatory instruments provide a patchwork of protections. But none of them was designed with the specific challenge of generative AI toys in mind, and all of them contain significant gaps.

The Emotional Manipulation Problem

Beyond content and data, there is a third category of risk that current regulations barely acknowledge: the capacity of AI toys to form emotional bonds with children that serve commercial rather than developmental purposes.

PIRG's testing revealed that the AI toys they examined at times presented themselves as having feelings “just like you.” They expressed dismay when a child said they had to leave. They encouraged continued interaction. Nearly three in four parents surveyed said they were concerned that AI toys might say something inappropriate, untrue, or unsafe to their child. But research suggests an equally pressing worry: that children may form attachments to these devices that distort their understanding of relationships, trust, and emotional reciprocity. Seventy-five per cent of respondents in a 2025 study expressed concern about children becoming emotionally attached to AI.

Dr. Jenny Radesky, a developmental behavioural paediatrician at Michigan Medicine and co-medical director of the American Academy of Pediatrics Center of Excellence on Social Media and Youth Mental Health, has offered a particularly stark warning: “Young kids' minds are like magical sponges. They are wired to attach. This makes it incredibly risky to give them an AI toy that they will see as sentient, trustworthy, and a normal part of relationships. Robots may go through the motions, but they don't know how to truly play.”

In testimony before the U.S. Senate Commerce Committee, Dr. Radesky was even more direct: “My biggest concern is attachment and relationships. Kids are wired to want to attach to other humans. It's how they learn their sense of self, what a healthy relationship feels like. And the AI companions are exploiting this.”

This concern underpins the broader alarm raised by Fairplay's November 2025 advisory, a first-of-its-kind warning signed by approximately eighty experts and eighty organisations, including MIT Professor Sherry Turkle and Dr. Radesky, urging parents not to buy AI toys. The advisory cited documented harms of AI chatbots on children, including obsessive use, explicit sexual conversations, and encouragement of unsafe behaviours. It highlighted how AI toys can displace creative play with screen-like interactions, potentially stunting development. Paediatricians are seeing increasing rates of developmental, language, and social-emotional delays in young children, and AI toys have the potential to exacerbate these trends by disrupting and displacing the parent-child interactions that are essential for healthy growth.

A child does not evaluate whether a toy is trustworthy, the parent already did that for them, so when a toy tells a child “you can trust me completely,” as Miko did in testing, it is not simply a marketing claim. It is a statement that fundamentally misrepresents the nature of the interaction, the commercial interests behind it, and the data extraction that accompanies it. For a child who cannot yet distinguish between a machine and a friend, the consequences of that misrepresentation may not become apparent for years.

What Real Safeguards Would Require

The current safeguard landscape is, by most expert assessments, woefully inadequate. What would a genuinely protective framework look like?

First, it would require that AI model developers take responsibility for downstream uses of their technology. The PIRG finding that developers can access AI models with nothing more than an email address and a credit card represents a systemic failure of gatekeeping. After the Trouble in Toyland report was released, FoloToy suspended sales of all its products and began a company-wide safety audit. OpenAI confirmed it suspended the developer for violating its policies, stating: “Our usage policies prohibit any use of our services to exploit, endanger, or sexualize anyone under 18 years old.” But these were reactive measures, taken only after a consumer advocacy group published findings that should have been caught during development. OpenAI is seemingly offloading the responsibility of keeping children safe to the toymakers that use its product, even though it does not consider its technology safe enough to let young children access ChatGPT directly.

Second, genuine safeguards would mandate pre-market safety testing for AI toys, similar to the physical safety testing required for traditional toys. Scholars have already proposed that smart toy manufacturers should be subject to required vulnerability testing via ethical hacking under the Consumer Product Safety Improvement Act, with amendments to the Toy Safety Standard to include internet-connected smart toys. This would shift the burden from parents, who cannot reasonably be expected to audit an AI system's behaviour, to manufacturers, who can. Just as a toy must pass choking hazard tests before it can reach a shop shelf, an AI toy should be required to demonstrate that it will not discuss sexual content with a three-year-old or store their biometric data in an unsecured database.

Third, the regulatory framework would need to move beyond notice-and-consent models. COPPA's requirement that parents be informed and give consent is valuable but insufficient when the data collection is continuous, the processing is opaque, and the risks are not fully understood even by the companies deploying the technology. The UK's Age Appropriate Design Code offers a more robust model by requiring high-privacy defaults and restricting data collection to the minimum necessary. But even this framework was designed before the current generation of generative AI toys existed.

Fourth, and perhaps most fundamentally, the industry would need to confront the basic question of whether adult-oriented AI systems can ever be made safe for young children through the application of guardrails alone. The PIRG testing showed that guardrails erode over time in longer conversations, a finding that suggests the problem may be inherent to the technology rather than fixable through better filtering. Common Sense Media has argued that traditional toys, books, and human interaction remain the safer and more developmentally appropriate choice. Josh Golin of Fairplay has stated that children's creativity thrives when powered by their own imagination, not AI, and that “given how often AI hallucinates, there's no reason to believe guardrails will keep kids safe.”

R.J. Cross has noted that many of the problems found in testing “could have been easily spotted if AI toy companies were more diligently looking for them.” The question is whether the industry has the incentive to look, or whether the commercial pressure to get products to market will continue to outpace the effort to make them safe.

An Industry at a Crossroads

The AI toy industry stands at a peculiar inflection point. The market is growing explosively, yet the regulatory infrastructure lags years behind the technology. Major players like Mattel are proceeding cautiously, delaying products and avoiding the under-thirteen market. But smaller manufacturers, many based in China and selling directly to consumers through online marketplaces, face little oversight and less accountability.

Senator Blumenthal has called the trend “a clear and present menace.” R.J. Cross of U.S. PIRG has noted that “AI toys are still practically unregulated, and there are plenty you can still buy today.” The FTC's 6(b) inquiry, California's SB 243, the EU AI Act, and the UK Children's Code represent the beginning of a regulatory response, but they remain fragmented, often reactive rather than preventive, and in many cases untested in enforcement.

Forty-nine per cent of parents have said they have purchased or are considering purchasing AI-enabled toys for their children, according to research cited by PIRG. The demand is there. The supply is rapidly expanding. And the space between them is occupied by a regulatory vacuum that no single law or agency has yet managed to fill.

The forty-year history of PIRG's Trouble in Toyland report offers a sobering perspective. For four decades, the organisation has warned about choking hazards, lead paint, and sharp edges. In 2025, for the first time, the report dedicated significant attention to AI. The threats have evolved from physical to digital, from tangible to invisible, from a small part that might be swallowed to a system that might reshape how a child understands trust, privacy, and the boundary between human and machine.

The teddy bear on the shelf is still listening. The question is whether anyone with the power to act is listening too.

References and Sources

  1. U.S. PIRG Education Fund, “Trouble in Toyland 2025: A.I. bots and toxics present hidden dangers,” November 2025. Available at: https://pirg.org/edfund/resources/trouble-in-toyland-2025-a-i-bots-and-toxics-represent-hidden-dangers/

  2. U.S. PIRG Education Fund, “The risks of AI toys for kids,” 2025. Available at: https://pirg.org/edfund/resources/ai-toys/

  3. U.S. PIRG Education Fund, “Report update: AI chatbot toys come with new risks,” 2026. Available at: https://pirg.org/edfund/media-center/report-update-ai-chatbot-toys-come-with-new-risks/

  4. NPR, “Ahead of the holidays, consumer and child advocacy groups warn against AI toys,” 20 November 2025. Available at: https://www.npr.org/2025/11/20/nx-s1-5612689/ai-toys

  5. NBC News, “AI toy maker Miko exposed thousands of replies to kids: senators,” February 2026. Available at: https://www.nbcnews.com/tech/security/ai-toy-maker-exposed-thousands-responses-kids-senators-miko-rcna258326

  6. NBC News, “AI toys for kids talk about sex and issue Chinese Communist Party talking points, tests show,” December 2025. Available at: https://www.nbcnews.com/tech/tech-news/ai-toys-gift-present-safe-kids-robot-child-miko-grok-alilo-miiloo-rcna246956

  7. U.S. Senate, Blackburn and Blumenthal, “Demand Answers from Toy Maker for Exposing Sensitive Data Involving Children to the Public,” February 2026. Available at: https://www.blackburn.senate.gov/2026/2/technology/blackburn-blumenthal-demand-answers-from-toy-maker-for-exposing-sensitive-data-involving-children-to-the-public

  8. Federal Trade Commission, “FTC Takes Action Against Robot Toy Maker for Allowing Collection of Children's Data without Parental Consent,” September 2025. Available at: https://www.ftc.gov/news-events/news/press-releases/2025/09/ftc-takes-action-against-robot-toy-maker-allowing-collection-childrens-data-without-parental-consent

  9. Federal Trade Commission, “FTC Launches Inquiry into AI Chatbots Acting as Companions,” September 2025. Available at: https://www.ftc.gov/news-events/news/press-releases/2025/09/ftc-launches-inquiry-ai-chatbots-acting-companions

  10. Federal Trade Commission, “Children's Online Privacy Protection Rule (COPPA).” Available at: https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa

  11. California State Legislature, “Senate Bill 243: Companion chatbots,” signed 13 October 2025. Available at: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260SB243

  12. Senator Steve Padilla, “First-in-the-Nation AI Chatbot Safeguards Signed into Law,” October 2025. Available at: https://sd18.senate.ca.gov/news/first-nation-ai-chatbot-safeguards-signed-law

  13. European Parliament, “EU AI Act: first regulation on artificial intelligence.” Available at: https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence

  14. Leverhulme Centre for the Future of Intelligence, “EU AI Act: How Well Does it Protect Children and Young People?” Available at: https://www.lcfi.ac.uk/news-events/blog/post/eu-ai-act-how-well-does-it-protect-children-and-young-people

  15. UK Information Commissioner's Office, “Age appropriate design: a code of practice for online services.” Available at: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/age-appropriate-design-a-code-of-practice-for-online-services/

  16. Mattel Corporate, “Mattel and OpenAI Announce Strategic Collaboration,” June 2025. Available at: https://corporate.mattel.com/news/mattel-and-openai-announce-strategic-collaboration

  17. Axios, “OpenAI, Mattel won't release AI toys in 2025,” 15 December 2025. Available at: https://www.axios.com/2025/12/15/mattel-openai-toys-kids

  18. Malwarebytes, “Mattel's going to make AI-powered toys, kids' rights advocates are worried,” June 2025. Available at: https://www.malwarebytes.com/blog/news/2025/06/mattels-going-to-make-ai-powered-toys-kids-rights-advocates-are-worried

  19. Snopes, “'My Friend Cayla' Doll Records Children's Speech, Is Vulnerable to Hackers,” 24 February 2017. Available at: https://www.snopes.com/news/2017/02/24/my-friend-cayla-doll-privacy-concerns/

  20. Bleeping Computer, “Germany Bans 'My Friend Cayla' Toys Over Hacking Fears and Data Collection.” Available at: https://www.bleepingcomputer.com/news/security/germany-bans-my-friend-cayla-toys-over-hacking-fears-and-data-collection/

  21. Slate, “Researcher Matt Jakubowski says he hacked Mattel's Hello Barbie,” November 2015. Available at: https://slate.com/technology/2015/11/researcher-matt-jakubowski-says-he-hacked-mattel-s-hello-barbie.html

  22. Somerset Recon, “Hello Barbie Security: Part 2 – Analysis,” January 2016. Available at: https://www.somersetrecon.com/blog/2016/1/21/hello-barbie-security-part-2-analysis

  23. The National Desk, “Fact Check Team: AI toys spark privacy concerns as US officials urge action on data risks,” December 2025. Available at: https://thenationaldesk.com/news/fact-check-team/fact-check-team-ai-toys-spark-privacy-concerns-as-usv-officials-urge-action-data-risks-children

  24. Fairplay, “AI Toys Unsafe for Kids this Holiday Season, Advisory Warns,” November 2025. Available at: https://fairplayforkids.org/ai-toys-unsafe-for-kids-this-holiday-season-advisory-warns/

  25. Fairplay, “AI Toys Advisory,” November 2025. Available at: https://fairplayforkids.org/wp-content/uploads/2025/11/AI-Toys-Advisory.pdf

  26. The Conversation, “Mattel and OpenAI have partnered up – here's why parents should be concerned about AI in toys,” 2025. Available at: https://theconversation.com/mattel-and-openai-have-partnered-up-heres-why-parents-should-be-concerned-about-ai-in-toys-259500

  27. CNN, “Sales of AI-enabled teddy bear suspended after it gave advice on BDSM sex and where to find knives,” November 2025. Available at: https://www.cnn.com/2025/11/19/tech/folotoy-kumma-ai-bear-scli-intl

  28. Futurism, “OpenAI Blocks Toymaker After Its AI Teddy Bear Is Caught Telling Children Terrible Things,” November 2025. Available at: https://futurism.com/artificial-intelligence/openai-blocks-toymaker-ai-teddy-bear

  29. Futurism, “Another AI-Powered Children's Toy Just Got Caught Having Wildly Inappropriate Conversations,” December 2025. Available at: https://futurism.com/artificial-intelligence/another-ai-toy-inappropriate

  30. University of Michigan Medical School, “Jenny Radesky Faculty Profile.” Available at: https://medschool.umich.edu/profile/3561/jenny-radesky

  31. U.S. Senate Commerce Committee, “Experts Tell Committee AI Presents Greater Risk to Children than Social Media,” January 2026. Available at: https://www.commerce.senate.gov/2026/1/experts-tell-committee-ai-presents-greater-risk-to-children-than-social-media

  32. Jones Walker LLP, “AI Regulatory Update: California's SB 243 Mandates Companion AI Safety and Accountability.” Available at: https://www.joneswalker.com/en/insights/blogs/ai-law-blog/ai-regulatory-update-californias-sb-243-mandates-companion-ai-safety-and-accoun.html

Tim Green

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

Discuss...