Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info

The 2023 Cerebral breach exposed 3.1 million users’ sensitive mental health information, not through sophisticated attacks, but through marketing pixels that inadvertently transmitted emotional and psychological data to advertising platforms.

Standard marketing tools accessed data that should never have been accessible in that context. The developers didn’t think through what those pixels could reach in a mental health application.

This pattern is accelerating. AI wellness companions, digital journals that analyze emotions, and applications promising to “understand your feelings” are multiplying across app stores. Each creates security challenges that traditional frameworks aren’t designed to address.

Arun Kumar Elengovan has spent nine years at Okta building identity and access management systems that protect millions of users. When he joined the judging panel for DreamWare Hackathon 2025, a 72-hour competition where 29 teams built emotional AI applications, he applied the same threat modeling approach he uses for enterprise identity systems ...