Is it safe to upload your photos to AI tools? What 2026 is teaching us

An AI photo app leaked user images, models, and source code in 2025. Meanwhile browsers learned to run AI on-device. Here's how to tell which tools are safe — and why the safest ones never ask you to upload.

By Muhammad Tahir · 5 min read · privacy, ai, security

In September 2025, security researchers at Trend Micro disclosed something uncomfortable about a popular AI-powered photo and video enhancement app, Wondershare RepairIt. The app's binary shipped with hardcoded cloud access tokens — credentials baked right into the downloadable program — that granted read and write access to the company's cloud storage. Inside that storage sat user photos the app's own privacy policy claimed it didn't retain, alongside the company's AI models, software binaries, container images, and source code.

The flaws were serious enough to earn two CVEs — CVE-2025-10643 and CVE-2025-10644, with CVSS scores of 9.1 and 9.4. And the worst part wasn't even the leaked photos. Because the app automatically downloads and executes AI models from that same unsecured storage, an attacker with write access could have swapped in a poisoned model and quietly infected everyone who used the tool — a textbook AI supply-chain attack (Trend Micro's full writeup).

It's a single incident, but it's not an outlier. It's the predictable result of an architecture almost every "free AI tool" shares.

The pattern behind most AI tools

When you use a typical AI image upscaler, background remover, or "fix my blurry photo" tool, here's what happens: your photo uploads to the company's server, a model processes it there, and the result downloads back to you. That's the whole design. The moment you click "upload," your file is on someone else's computer.

Everything after that depends on decisions you can't see and didn't make:

  • Do they delete your file after processing, or keep it? RepairIt's policy said one thing; the storage bucket said another.
  • How good is their security? A single hardcoded credential or misconfigured bucket exposes everything.
  • Who else can read it? Analytics partners, model-training pipelines, subcontractors.
  • What happens in a breach? Your tax document, medical scan, or private photo is in the blast radius.

For a meme you were going to post anyway, none of this matters. For anything you'd hesitate to email a stranger, all of it does. And in 2026 this isn't a fringe worry — analysts now describe "shadow AI," where employees paste confidential data into public AI tools, as one of the year's defining data-governance problems. Regulators agree: the UK's Information Commissioner's Office has started treating AI data security as a present-day duty under GDPR, not a future one.

The good news: your browser learned to do this itself

Here's the shift that makes 2026 genuinely different. The browser no longer needs a server to run AI.

Google now ships built-in AI in Chrome — a family of APIs (Prompt, Summarizer, Translator, Language Detector, Writer, Rewriter, and Proofreader) powered by an on-device model called Gemini Nano. Per Chrome's own documentation, these models are downloaded once and run locally, and Google lists "increased user privacy" as a primary reason: your input never leaves the device. The same generation of web platform features — WebAssembly, WebGPU, and WebNN — lets any website run neural networks on your own hardware, no cloud round-trip required.

This is the same insight SnapTools was built on. You don't need to send a photo to a server to remove its background or upscale it — you need to run the right model where the photo already is. So that's what we do:

Open your browser's network tab while you use any of them and watch: zero requests fire to carry your file anywhere, because there's no server on the other end to receive it. (The AI tools fetch their model once from a CDN the first time you use them — that's a public file download, not your private data going out.)

How to tell if a tool is uploading your files

You don't have to take anyone's word for it — including ours. Here's a 30-second check that works on any web tool:

  1. Open the tool's page, then open your browser's Developer Tools (F12 or right-click → Inspect) and go to the Network tab.
  2. Clear the existing entries.
  3. Use the tool — drop in a file and run it.
  4. Watch the Network tab. If you see a large outbound request (often a POST) the size of your file, it's uploading. If nothing the size of your file leaves, it's processing locally.

A genuinely local tool will show, at most, a one-time model or library download — never a request that grows with your file. This single habit will tell you more about a tool's privacy than any policy page.
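The same check can be run over a saved capture instead of by eye. This is an added example, not part of the original article or any tool's own code: it reads a HAR export from the Network tab, flags single requests close to the file's size, and compares two runs to catch uploads split into chunks. All URLs, sizes and the 0.5 threshold are constructed assumptions.

```javascript
// Added example: inspect a DevTools HAR export for requests that could carry the file.
// Field names follow HAR 1.2; every URL and size in the samples is constructed.

// Bytes sent in one request body. HAR records -1 when the size is unknown,
// so fall back to measuring postData.text.
function sentBytes(entry) {
  const req = entry.request;
  if (req.bodySize > 0) return req.bodySize;
  const text = req.postData && req.postData.text;
  return text ? new TextEncoder().encode(text).length : 0;
}

// Single requests whose body is at least `ratio` of the file size.
// Multipart or base64 wrapping only inflates an upload, so a lower bound suffices.
function findLikelyUploads(har, fileSize, ratio = 0.5) {
  return har.log.entries
    .filter((e) => sentBytes(e) >= fileSize * ratio)
    .map((e) => ({ method: e.request.method, url: e.request.url, bytes: sentBytes(e) }));
}

// Total outbound body bytes in a capture.
function totalSent(har) {
  return har.log.entries.reduce((sum, e) => sum + sentBytes(e), 0);
}

// Compare two captures made with files of different sizes. Catches uploads split
// into many small chunks: outbound traffic grows with the file even though no
// single request is large.
function growsWithFile(harSmall, harLarge, smallSize, largeSize, ratio = 0.5) {
  return totalSent(harLarge) - totalSent(harSmall) >= (largeSize - smallSize) * ratio;
}

const entry = (method, url, bodySize) => ({ request: { method, url, bodySize } });
const capture = (...entries) => ({ log: { entries } });

// Constructed captures: a local tool, a direct uploader, and a chunked uploader.
const localRun = capture(
  entry('GET', 'https://cdn.example/model.onnx', 0),   // one-time model download
  entry('POST', 'https://tool.example/metrics', 412)); // small telemetry ping
const directUpload = capture(entry('POST', 'https://api.example/enhance', 2000850));
const chunk = (n) => entry('PUT', `https://api.example/part/${n}`, 262144);
const chunked1MB = capture(...[0, 1, 2, 3].map(chunk));
const chunked2MB = capture(...[0, 1, 2, 3, 4, 5, 6, 7].map(chunk));

console.log(findLikelyUploads(localRun, 2000000));     // []
console.log(findLikelyUploads(directUpload, 2000000)); // the POST to /enhance
console.log(growsWithFile(chunked1MB, chunked2MB, 1048576, 2097152)); // true
```

Data sent over a WebSocket is not recorded as a request body, so check that connection's Messages view separately.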

Where cloud AI still makes sense

To be fair, on-device isn't always the right answer, and pretending otherwise would be dishonest:

  • Huge models. The frontier image and video generators are far too large to run in a browser tab. On-device AI shines for focused jobs — background removal, upscaling, summarizing — not for "generate a photorealistic scene from a paragraph."
  • Your device does the work. A big upscale takes a few seconds on a phone instead of being instant on a server GPU. The trade is privacy for a little patience.
  • Memory ceilings. Browser tabs cap out around a few gigabytes, so truly enormous files still need other approaches.

The point isn't that the cloud is evil. It's that uploading should be a deliberate choice, not the default — and for the everyday image and document work most people actually do, the browser is now more than capable of keeping that work on your machine.

The takeaway

The RepairIt leak and Chrome's built-in AI are two sides of the same 2026 story. One shows what happens when your files live on someone else's server by default. The other shows that, increasingly, they don't have to. The technology to run AI privately, on your own device, is no longer experimental — it's shipping in the browser you already have.

Next time a tool asks you to upload a photo, it's worth asking why it needs to. Often, it doesn't. If you'd like to try the on-device version, our AI image tools are a good place to start — no upload, no account, nothing to leak.


Sources: Trend Micro — AI-Powered App Exposes User Data, The Hacker News — Two Critical Flaws in Wondershare RepairIt, Chrome for Developers — Built-in AI.