By Cybersecurity researchers are warning that weaknesses in artificial-intelligence platforms and mobile apps are creating new pathways for hackers to steal sensitive information from smartphones, exposing millions of users worldwide to fraud, surveillance and identity theft.
Recent security audits found that many AI-powered Android applications contain embedded credentials, exposed cloud storage links and insecure coding practices that attackers can exploit to gain access to private user data, according to cybersecurity researchers and published reports.
The findings are seen as AI tools become increasingly integrated into everyday mobile services, from chatbots and virtual assistants to photo editing, banking and productivity applications.
Researchers said 72% of AI-related applications contained at least one “hardcoded secret” which is sensitive credentials such as API keys or cloud access tokens embedded directly into app code. The researchers also found thousands of exposed Google Cloud and Firebase storage endpoints, some containing publicly accessible user files and databases.
Cybersecurity analysts say attackers are using several methods to exploit AI systems.
One growing tactic involves “jailbreaking” AI chatbots through deceptive prompts designed to bypass safeguards and manipulate systems into revealing confidential information or carrying out unauthorized actions. Other attacks use AI-generated phishing messages tailored with personal details harvested online, making scams more convincing and difficult to detect.
Security researchers also warned that autonomous AI agents, software systems capable of carrying out tasks with limited human oversight may be manipulated into executing malicious commands or exfiltrating credentials from connected devices.
Experts say AI is also accelerating the discovery of software vulnerabilities, enabling hackers to craft sophisticated “zero-click” attacks that can infect phones through calls, messages or media files without requiring any user interaction.
Separate investigations documented large-scale leaks involving AI services and chatbot platforms, including exposed chat logs, API credentials and improperly secured databases.
The risks are especially significant for smartphone users who install little-known AI applications or fail to regularly update their devices, cybersecurity specialists said.
Zimbabwean users, like consumers elsewhere, are being urged to immediately update operating systems and apps, remove untrusted AI software, enable two-factor authentication and avoid clicking suspicious links or granting remote access to devices.
Researchers also advised users to revoke unused API permissions, use reputable password managers and carefully review app permissions before installation.
Cybersecurity experts say stronger oversight by app stores and regulators will be necessary as AI-driven services continue to expand rapidly across mobile platforms.
“Hardcoding sensitive data into client-side apps remains one of the most dangerous security practices,” researchers said in the reports, warning that insecure AI ecosystems could expose vast amounts of personal and financial information if left unchecked.
Comments