Description: A software engineer reportedly used an AI coding assistant while attempting to reverse-engineer his DJI robot vacuum so he could control it with a video game controller. In the course of that work, he reportedly said he discovered that credentials used to communicate with DJI's cloud servers could also grant access to data associated with nearly 7,000 other vacuums across 24 countries, including live camera feeds, microphone audio, maps, and status information.
Editor Notes: Timeline note: The incident reportedly occurred in late January 2026 and DJI reportedly remediated it via an automatic patch on 02/08/2026, followed by a follow-up update completed on 02/10/2026. The incident ID was created 02/28/2026.
Entities
View all entitiesAlleged: DJI , DJI Romo , DJI Home app , DJI cloud servers and In-home sensor data developed and deployed an AI system, which harmed DJI Romo owners.
Incident Stats
Incident ID
1389
Report Count
1
Incident Date
2026-02-08
Editors
Daniel Atherton
Incident Reports
Reports Timeline
Loading...
A software engineer's earnest effort to steer his new DJI robot vacuum with a video game controller inadvertently granted him a sneak peak into thousands of people's homes.
While building his own remote-control app, Sammy Azdoufal reported…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Similar Incidents
Did our AI mess up? Flag the unrelated incidents