DJI Romo Cloud Authorization Bug Reportedly Exposed Camera, Microphone, and Home-Mapping Data From Nearly 7,000 Robot Vacuums

February 8, 2026

An AI coder, while attempting to modify his DJI robot vacuum for control via a video game controller, allegedly found that credentials used to connect with DJI's cloud servers could potentially grant access to data from approximately 7,000 other vacuums worldwide. This sensitive information, including live camera feeds, microphone audio, maps, and status details, was reportedly exposed across 24 countries.

For those interested in ensuring responsible AI practices and guardrails for safe and secure systems, join us at the HISPI Project Cerebellum to Govern, Map, Measure, or Manage such incidents and contribute to the Trusted AI Model (TAIM) via our AI incident database.

JOIN US

Matched TAIM controls

Suggested mapping from embedding similarity (not a formal assessment). Browse all TAIM controls

MEASURE 2.10 — similarity 0.717, rank 1. TAIM detail and related incidents →
MAP 1.6 — similarity 0.710, rank 2. TAIM detail and related incidents →
MEASURE 2.6 — similarity 0.707, rank 3. TAIM detail and related incidents →

Alleged deployer: dji
Alleged developer: dji
Alleged harmed parties: dji-romo-owners

Source

Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/1389

Data source

Incident data is from the AI Incident Database (AIID).

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

Pre-print on arXiv · Database snapshots & citation guide

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.