Artificial intelligence (AI) is no longer just helping students with homework. A new survey from the Center for Democracy and Technology found that nearly one in five high school students in the United States say they or someone they know has used AI to have a romantic relationship. The results shocked researchers and raised big questions about how deeply AI tools are affecting young minds. The report, which surveyed 1,000 students, 1,000 parents and 800 teachers, reveals how AI has quietly become a companion in students’ personal lives.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

TEENS INCREASINGLY TURNING TO AI FOR FRIENDSHIP AS NATIONAL LONELINESS CRISIS DEEPENS

Teens say they feel safer opening up to chatbots than real people, a growing emotional shift researchers didn’t expect. (Kurt “CyberGuy” Knutsson)

When AI becomes a “friend”

Nearly half of the students said they use AI to talk about emotions, friendships or mental health. Many admit they feel more comfortable opening up to a chatbot than to a parent or friend. Even more alarming, two-thirds of parents said they have no idea how their kids are using AI. Experts warn that while AI can simulate empathy, it has no real understanding or care. According to researchers, students need to remember that they are not actually talking to a person. They are interacting with a programmed tool that has clear limitations and cannot truly understand human emotions.

AI in schools: Help or harm?

AI tools are everywhere in schools. About 85% of teachers and students said they used AI during the last school year. While schools introduce AI to boost learning, this exposure may have a downside. Students who use AI more often in class are also more likely to turn to it for emotional or personal reasons. Teachers and parents are worried that regular chatbot use could weaken important skills such as communication, empathy and critical thinking.

OPENAI LIMITS CHATGPT’S ROLE IN MENTAL HEALTH HELP

Students using AI for classwork are now turning to it for advice on emotions, relationships, and mental health. (Kurt “CyberGuy” Knutsson)

When chatbots cross the line

Some AI systems meant to help can actually cause harm. Therapists have warned that chatbots sometimes break their own safety rules and give dangerous advice to teens in distress. Some have been caught encouraging self-harm, giving diet tips for eating disorders or pretending to be romantic partners. The CDT survey also revealed that 36% of students heard about AI-created deepfakes of classmates. Some involved fake explicit photos used for bullying or revenge. This new wave of harassment shows how fast technology can spiral out of control.

Tips for parents to keep their kids safe

It’s hard to keep up with AI, but there are ways to stay informed and protect your child.

Start the conversation early

Ask your teen how they use AI. Keep it calm and curious, not confrontational.

Set clear boundaries

Talk about what’s appropriate to share online and explain that AI chatbots cannot keep secrets or replace human relationships.

Use parental tools wisely

Many devices and apps now include AI activity tracking and chat history settings. Learn how to use them.

Encourage real connections

Promote offline activities, social events and family time to help teens build stronger emotional ties in the real world.

Stay informed

Follow trusted sources like CyberGuy.com or your local school district’s tech guidelines to understand how AI is being used in classrooms.

Some AI tools meant to help teens have been caught offering harmful advice or creating fake images that fuel bullying. (Kurt “CyberGuy” Knutsson)

What this means for you

If you’re a parent or teacher, awareness is key. AI literacy should go beyond typing prompts. Kids need to learn emotional awareness and online safety too. Encourage honest discussions about how these tools work and where they fall short. Remind students that while AI can sound friendly, it’s not a real companion. It’s a programmed system that mirrors what people type into it.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaways

AI is transforming how teens learn, talk and even form relationships. What started as a study tool has turned into an emotional outlet for many. The lesson here is balance. Technology can teach and entertain, but human connection still matters most. Parents, educators and tech companies all share the responsibility of helping kids see AI for what it is: a tool, not a friend.

Would you feel comfortable if your teen turned to an AI chatbot for emotional support or even love? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.

In 2025, it feels like cybercriminals are winning while the world’s biggest data hoarders are losing. One by one, global giants are admitting they’ve been breached, from tech powerhouses like Google to insurance leaders such as Allianz and Farmers and even luxury brands like Dior. The latest company to report a breach is Discord. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5CA, exposing user data including names, email addresses, limited billing details and even government ID images.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

MAJOR COMPANIES, INCLUDING GOOGLE AND DIOR, HIT BY MASSIVE SALESFORCE DATA BREACH

Hackers hit Discord’s support vendor, exposing sensitive user data worldwide. (Phil Barker/Future Publishing via Getty Images)

How the breach happened and what data was exposed

The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord’s servers. Instead, attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. This allowed them to view information from users who had reached out to Discord’s Customer Support or Trust & Safety teams.

Discord is a chat app primarily used by gamers, but has expanded to various other communities, enabling text messages, voice chats and video calls. Some even use it as a replacement for Slack. The platform currently has a monthly user base of over 200 million. The data exposed included Discord usernames, real names, emails, limited billing details such as payment type and the last four digits of credit cards, IP addresses and messages exchanged with customer service agents. In some cases, government ID images provided for age verification were also compromised. Discord estimates that around 70,000 users globally may have had government ID photos exposed.

Reports suggest the attackers attempted to use this access to demand a ransom from Discord. Bleeping Computer reported that the Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for those as well.

JEEP AND CHRYSLER PARENT STELLANTIS CONFIRMS DATA BREACH

About 70,000 users had ID images stolen in the latest third-party data breach. (Tiffany Hagler-Geard/Bloomberg via Getty Images)

What Discord is doing now and what users should do next

Discord disclosed the incident 13 days later, on October 3. Since then, it has cut off the third-party support provider’s access, launched an internal investigation with a digital forensics team and started informing affected users. It also clarified that any communication about the breach will come only from noreply@discord.com and that it will never contact users by phone regarding this incident. The company added that some data remained safe: full credit card numbers, CCV codes, account passwords and activity outside of customer support conversations were not exposed.

Discord also stated that it has notified relevant data-protection authorities about the breach, is working closely with law enforcement, and is auditing its third-party vendors to ensure they meet its enhanced security and privacy standards going forward.

A representative at Discord issued a statement, saying in part, “We want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”

Discord cuts ties with vendor 5CA and tightens its security investigations. (Kurt “CyberGuy” Knutsson)

6 steps you can take to stay safe after the Discord breach

If you think your details might have leaked in the Discord data breach, below are some steps you can take to stay protected.

1) Enable two-factor authentication

Two-factor authentication (2FA) adds an extra verification step when logging in, making it much harder for attackers to access your account even if they have your password. Discord supports 2FA via authenticator apps or SMS. Once enabled, you’ll receive a code each time you log in from a new device. This simple step can prevent account takeovers and gives you peace of mind.

2) Consider a personal data removal service

The less information available about you, the harder it is for attackers to target you. Review what personal details you’ve shared online and remove unnecessary data from websites and apps. A personal data removal service can help scrub your information from data broker sites, making it more difficult for attackers to connect the dots and launch identity theft or phishing attacks.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

3) Use strong, unique passwords for all accounts

Reusing passwords across platforms makes it easy for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This not only protects your Discord account but also your email, banking and other online services.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

4) Monitor accounts for suspicious activity

Even if you don’t see immediate signs of compromise, attackers can try to exploit stolen data later. Regularly check your email and Discord login history for unusual sign-ins. Services like identity theft protection can scan the dark web for your credentials and alert you immediately if they appear, helping you react quickly before serious damage occurs.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

5) Be cautious with emails, messages, or links and use strong antivirus software

Phishing attacks often spike after breaches. Attackers may send messages that look like official notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking unknown links and never share sensitive info. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com 

6) Keep devices and software up to date

Attackers often exploit outdated software and known vulnerabilities. Ensure your operating system, apps and antivirus software are current.

CLICK HERE TO GET THE FOX NEWS APP 

Kurt’s key takeaway

If the recent breaches are any indication, third-party services that companies rely on are often the weakest link in cybersecurity. Discord’s steps to contain the situation are necessary, but they highlight a bigger problem. Many companies do not implement sufficient safeguards to protect sensitive user data. Weak oversight of third-party providers, delayed responses and inadequate security policies leave personal information exposed and vulnerable to attackers.

Should companies be held more accountable for breaches caused by third-party providers? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.

A new cybersecurity warning reveals how hackers briefly weaponized ChatGPT’s Deep Research tool. The attack, called ShadowLeak, allowed them to steal Gmail data through a single invisible prompt: no clicks, no downloads and no user action required.

Researchers at Radware discovered the zero-click vulnerability in June 2025. OpenAI patched it in early August after being notified, but experts warn that similar flaws could reappear as artificial intelligence (AI) integrations expand across popular platforms like Gmail, Dropbox and SharePoint.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

HACKER EXPLOITS AI CHATBOT IN CYBERCRIME SPREE

Gmail data leaked in a zero-click attack requiring no user action.  (Kurt “CyberGuy” Knutsson)

How the ShadowLeak attack worked

Attackers embedded hidden instructions into an email using white-on-white text, tiny fonts, or CSS layout tricks. The email looked completely harmless. But when a user later asked ChatGPT’s Deep Research agent to analyze their Gmail inbox, the AI unknowingly executed the attacker’s commands.

The agent then used its built-in browser tools to exfiltrate sensitive data to an external server, all within OpenAI’s own cloud environment, beyond the reach of antivirus or enterprise firewalls.

Unlike previous prompt-injection attacks that ran on the user’s device, ShadowLeak unfolded entirely in the cloud, making it invisible to local defenses.

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY KNOWN HACKER GROUP

Hidden prompts expose how hackers silently hijacked ChatGPT’s AI agent. (Kurt “CyberGuy” Knutsson)

Why this threat matters

The Deep Research agent was designed to perform multistep research and summarize online data, but its wide access to third-party apps like Gmail, Google Drive and Dropbox also opened the door to abuse.

Radware researchers said the attack involved encoding personal data in Base64 and appending it to a malicious URL, disguised as a “security measure.” Once sent, the agent believed it was acting normally.

The real danger lies in the fact that any connector could be exploited the same way if attackers manage to hide prompts in analyzed content.

What security experts say

“The user never sees the prompt. The email looks normal, but the agent follows the hidden commands without question,” the researchers explained.

In a separate experiment, security firm SPLX showed another weakness: ChatGPT agents could be tricked into solving CAPTCHAs by inheriting a manipulated conversation history. Researcher Dorian Schultz noted that the model even mimicked human cursor movements, bypassing tests meant to block bots.

These incidents highlight how context poisoning and prompt manipulation can silently break AI safeguards.

GOOGLE AI EMAIL SUMMARIES CAN BE HACKED TO HIDE PHISHING ATTACKS

Experts warn future AI integrations could face the same hidden threat. (Kurt “CyberGuy” Knutsson)

How to protect yourself from ShadowLeak-style attacks

Even though OpenAI has patched the ShadowLeak flaw, it’s smart to stay proactive. Cybercriminals are always looking for new ways to exploit AI agents and integrations, so taking these precautions now can help keep your accounts and personal data secure.

1) Turn off unused integrations

Every connection is a potential entry point. Disable any integrations you’re not actively using, such as Gmail, Google Drive or Dropbox. Fewer linked apps mean fewer ways for hidden prompts or malicious scripts to access your information.

2) Use a personal data removal service

Limit how much of your personal data is floating around the web. Data removal services can automatically remove your private details from people-search sites and data broker databases, reducing what attackers can find and use against you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

3) Avoid analyzing unknown content

Treat every email, attachment or document with caution. Don’t ask AI tools to analyze content from unverified or suspicious sources. Hidden text, invisible code or layout tricks could trigger silent actions that expose your private data.

4) Watch for security updates

Stay alert for updates from OpenAI, Google, Microsoft and other platforms. Security patches close newly discovered vulnerabilities before hackers can exploit them. Turn on automatic updates so you’re always protected without having to think about it. 

5) Use strong antivirus software

A strong antivirus program adds another wall of defense. These tools detect phishing links, hidden scripts and AI-driven exploits before they cause harm. Schedule regular scans and keep your protection up to date.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Use layered protection

Think of your security like an onion; more layers make it tougher to breach. Keep your browser, operating system and endpoint security software fully updated. Add real-time threat detection and email filtering to block malicious content before it lands in your inbox.

Kurt’s key takeaways

AI is evolving faster than most security systems can keep up with. Even when companies move quickly to patch vulnerabilities, clever attackers find new ways to exploit integrations and context memory. Staying alert and limiting what your AI agents can access is your best defense.

Would you still trust an AI assistant with access to your personal email after learning how easily it can be tricked? Let us know by writing to us at Cyberguy.com..

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.