Based on reporting by The Hacker News →
Introduction
A new traffic analysis of 444 AI chatbot apps for iPhone reveals that nearly two-thirds of them ship with API keys or backend access tokens exposed in plaintext. The result: anyone who can monitor the app’s network traffic can drain the developer’s AI budget or proxy expensive model access.
The problem
Researchers tested 444 AI chatbot applications available on the iOS App Store and found that 282 of them — roughly 64 percent — leaked paid AI access credentials through their network traffic, according to a report by The Hacker News. In many cases, the vulnerable path was trivially discoverable: plaintext API keys in the request, reusable tokens, or backend endpoints that accepted requests with no authentication at all. An attacker who captures that traffic can impersonate the developer and send model requests on the developer’s account, effectively hijacking the billing meter.
Consequences
The direct financial risk is that an attacker can run up large inference costs on the developer’s OpenAI or equivalent account before the bill is even noticed. Beyond the direct cost, the exposure of API keys can lead to data leakage if the attacker queries the model with sensitive information or exfiltrates the developer’s own conversation logs. For end users of these apps, the leak signals weak security posture — user data traveling over the same channels is also at risk of interception or manipulation.