An independent researcher found that the popular Chat & Ask AI app had left its Firebase security rules open to the public: anyone who knew the project URL could read the entire datastore without authentication. The same scanning effort found roughly half of 200 iOS apps examined shared the identical misconfiguration.
About 300 million user messages tied to roughly 25 million users were exposed; the developer locked the database down within hours of the 2026-02-09 disclosure.
Enforcing authenticated, least-privilege Firebase security rules and auditing them before release prevents anonymous access to the entire conversation store.
Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.
Request a demo