Security and privacy implications of AI-mediated grief: An evaluation of commercial griefbots

Technological advancements in artificial intelligence have given rise to “Grieftech” and “Griefbots” - digital tools designed to assist the grieving process by simulating deceased individuals through interactive AI systems. In this paper, we investigate the privacy and security implications of this emerging field, specifically evaluating how these (typically commercial) tools manage the sensitive personal data required to reconstruct human personalities. Contextualising the technology within the evolution of thanatology, the analysis reviews the transition from static digital memorials to interactive simulations, highlighting the ethical and technical challenges identified in recent literature. To assess these risks, a qualitative research approach is used, utilising the STRIDE threat modelling framework to analyse three commercially available Griefbots: Replika, Eternos, and Hereafter AI, based on their stated capabilities and legal documentation. The findings reveal consistent vulnerabilities across all analysed platforms, including inadequate identity verification mechanisms that facilitate spoofing, a lack of transparency regarding third-party data sharing, and broad service terms that introduce significant service availability. Ultimately, the discussion synthesises these security gaps to demonstrate that current Grieftech tools often prioritise commercial interests over user privacy, underscoring the need for robust regulatory frameworks and transparency regarding technical safeguards in the digital afterlife industry.