According to Nagli on Twitter, a public Firestore endpoint for project rentahuman-prod exposed full user records via a direct GET request to firestore.googleapis.com/v1/projects/rentahuman-prod/databases/(default)/documents/humans?pageSize=300. As reported by the tweet, the Firebase config was embedded in homepage JavaScript, enabling unauthenticated access. According to Google Firebase documentation cited by industry reports, improperly configured Firestore rules can allow read access to collections without auth, creating high-severity data exposure risks for AI-driven apps that store user data alongside model interaction logs. For AI product teams, the immediate business impact includes regulatory exposure, reputational damage, and model retraining data leakage; remediation should include tightening Firestore security rules to require auth, rotating API keys, auditing access logs, and implementing backend proxies for model and user data, as recommended by Firebase security guidance and standard OWASP API best practices.

According to Google Gemini (@GeminiApp), the company has launched a new beta feature that emphasizes privacy in its Personal Intelligence AI, allowing users to selectively connect other Google apps to Gemini. This feature is off by default, giving users granular control over which apps are linked and the ability to disable integration at any time (source: GeminiApp, 2026-01-14). This approach highlights a growing trend in AI where user privacy and data control are prioritized, directly addressing business concerns regarding sensitive data management in enterprise AI deployments. The move opens new business opportunities for privacy-centric AI solutions and could set a standard for secure AI app integration in the industry.