Why it matters
Network-traffic study reporting that many iOS AI chatbot apps exposed API keys, reusable tokens, or open proxy paths for paid AI access. It is a useful reminder that AI app security still depends on ordinary secrets management, backend enforcement, abuse monitoring, and client/server trust boundaries.
My takeaway: Never put AI provider credentials or reusable proxy access in a mobile client. AI features need the same backend authorization, rate limiting, and secret-handling discipline as any other paid service.