282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Researchers analyzed 444 AI chatbot apps for iPhone and discovered that 282 of them exposed paid AI access through their network traffic. This exposure occurred due to sensitive information such as plaintext API keys, reusable tokens, or unsecured backend servers being visible in the app's network communications. As a result, an attacker who obtains this information can use it to send model requests on the developer's account. The vulnerability allows unauthorized access to the developer's paid AI services. The study found that nearly two-thirds of the tested apps were affected by this issue.