“As a toy manufacturer, the safety of children must be your highest priority. Toys powered by artificial intelligence raise serious concerns about the data privacy and security of American families, particularly when those products are designed for use by children. These technologies may enable the collection, retention, and monetization of sensitive data from children and their families, raising troubling questions about data mining practices and the use of that information. Children lack the ability to understand or consent to how their data may be stored, shared, or ultimately used without their knowledge. The risks are further exacerbated with chatbot features capable of generating inappropriate, manipulative, or emotionally coercive messages, particularly when those systems encourage prolonged engagement or make it difficult for children to disengage.”

“Based on your responses, the staff of our offices conducted cybersecurity testing of a Miko 3 robot through a network capture of its communications with Miko, Inc. services. On that preliminary testing, we found that Miko, Inc. had left accessible to the public what appears to be all of the audio responses of the toy, providing anyone the ability to download Miko’s portion of thousands – if not tens of thousands – of discussions with children going back to December 2025. This basic cybersecurity lapse, and the toys’ frequent communications back to Miko, Inc., call into question whether your company adequately protects the privacy and security of children’s and the toy’s data, and whether it engages in the data minimization practices promised in its response to our letter.”