Your Smart TV Could Be An Enslaved AI Web Scraping Bot

That free game installed on you living room TV might be doing more than keeping the family entertained. According to new report, some free smart TV apps may be quietly recruiting connected televisions into a massive commercial web-scraping network that feeds data directly to AI companies, using your home broadband internet connection to do it.

The subject at the center of this report, published by security firm Include Security and independent researcher "buchodi," is a software development kit built by Bright Data, formerly known as Luminati Networks. Bright Data sells access to what it claims is a network of more than 400 million residential IP addresses, reportedly to AI companies trying to scrape public web data for model training.

The clever (or shady, depending on you perspective) part is how those addresses were sourced. App developers embed Bright Data's SDK into their free applications, earning money per download. When a person installs the app, they see a prompt offering it for free in exchange for letting the app "use idle device resources." Accept the terms, and the TV becomes a relay point routing AI scraping traffic through the home connection.

The opt-in screen is technically asking for consent, but between clunky remote navigation and the appeal of free content, most people click through without fully understanding the terms. Another thing worth noting is the default data cap set by the SDK is 200 gigabytes per month, which is significant for households bound by data caps from their ISP.

Smart TVs are especially attractive targets compared to smartphones. A phone runs on battery power, moves constantly, and often triggers security software. A smart TV often sits in standby for many hours a day, always plugged in, always on the home Wi-Fi connection, with virtually no antivirus or oversight software watching what it does in the background. For a scraping operation, that profile is nearly ideal.

By reverse-engineering the SDK and examining its unauthenticated public configuration endpoint, buchodi exposed a partner manifest listing several major distribution players. The most significant is PlayWorks Digital, a company that builds casual games and interactive content baked directly into TV ecosystems. PlayWorks apps reach an estimated 250 million smart TV homes through partnerships with Samsung, LG, Vizio, Roku, Comcast, Cox, and Sky. Also named in the manifest are Rakuten's Viber, with 250 to 820 million monthly users across its messaging platform, and CloudTV, integrated across more than 125 TV brands and 15 OEMs. That is a broad reach for infrastructure most TV owners have never heard of. The affected platforms include Samsung Tizen and LG webOS, both of which historically lack the strict background-process restrictions that Apple and Google have introduced on mobile platforms.

This situation sits in a legal gray area, distinct from the criminal operations that accomplish the same goal by hijacking devices without any consent screen at all. Google and Mandiant dismantled one such botnet, IPIDEA, in January 2026. Security journalist Brian Krebs reported last October that a separate network called Aisuru was routing AI training traffic through millions of compromised consumer devices. Bright Data's model uses a consent screen instead of brute-force access, which keeps it out of criminal territory, but the practical effect on the home network is largely the same.

For anyone concerned about whether a TV falls into this category, the best defense is straightforward:

• Always read the opt-in prompts carefully on any free, ad-supported app before accepting.
• Check all app settings for a "resource sharing" or "bandwidth sharing" toggle and disable it if found.
• Stick to major premium streaming platforms to reduce exposure.
• Blocking the Bright Data hostnames at the router level is an option for more technically inclined households, with the specific domains documented in Include Security's original write-up.

One lesson from this research is that "free" apps aren't really free. Almost everything comes at a cost, and reading the fine print is required to figure out what those costs are. In this case, the small print reveals that your TV's idle resources are being used for scraping data and your home internet connection is sending packets to someone else's AI pipeline.