Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic.
In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all.
Whoever grabs it can send model requests on the developer's account,
Source: TheHackerNews
Source Link: https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html