As smart, AI-enabled gadgets become some of the most popular gifts this holiday season, families are unknowingly expanding their digital attack surface, writes Anne Cutler, Cybersecurity Expert at Keeper Security.
From connected toys and wearables to voice assistants and home cameras, many of these devices are effectively small computers, equipped with microphones, sensors, and constant internet access. To make matters worse, they are often sold with minimal security enabled by default.
From behavioural tracking to hidden software vulnerabilities, these modern devices may appear harmless, but in reality they can pose genuine risks to the privacy and security of families. Taking a few proactive steps to secure home networks and connected gadgets can help ensure the magic of the season does not come at the expense of online safety.
One of the most common mistakes families make is trusting default passwords and factory settings. Cybercriminals actively scan the internet for unsecured devices, knowing that many users never change default credentials. Every connected device should have a strong, unique password, and any AI personalisation or data collection features should be reviewed and limited from day one.
Securing the home network itself is critical. Once a single device is compromised, it can expose everything else connected to it. Families should use strong Wi-Fi passwords, enable encryption, and, where possible, place smart toys and home assistants on a separate guest or IoT network.
Before a child starts using a new toy or wearable, parents should take time to review its privacy controls. Disable unnecessary access to cameras or microphones, restrict data sharing, and check whether recordings or interactions are used to train external AI models. If it is unclear where data is stored, how long it is retained, or who it is shared with, that uncertainty alone should be treated as a warning sign.
Keeping devices updated is equally important, as manufacturers regularly release patches that address security flaws or unsafe AI behaviour. Parental controls, many of which now rely on AI themselves, should also be configured carefully, with a clear understanding of how they filter content or manage interactions.
Most importantly, parents should speak openly with their children about cybersecurity and AI safety, encouraging them to raise concerns if a device behaves unexpectedly or makes them uncomfortable.
AI-enabled toys introduce risks that traditional connected devices simply do not pose, because they can interpret, respond to, and act on inputs in unpredictable ways.
Key risks parents should be aware of include:
?Hallucinations or unsafe responses. Some lower-cost smart devices rely on unstable or poorly vetted AI models. Early interactions should be monitored closely, and unsafe features disabled.
?Data leakage. Devices that send user interactions back to vendors for “model improvement” may expose sensitive information.
?Breach-related cyber attacks. Stolen data, including children’s voices, photos, or videos, can be used for phishing, voice impersonation, or deepfake content.
Connected devices are now a permanent part of family life, and they should be treated with the same care as any other internet-facing system. By staying informed and vigilant, families can enjoy the holiday season with confidence, balancing the excitement of new technology with a secure and privacy-conscious digital home.
Author biography:
Anne Cutler is a Cyber Security Expert at Keeper Security. Prior to taking on the role at Keeper, she led technology and cybersecurity communications in the private sector and for the US government.
