Rabbit and its R1 AI gadget are under fire again, and it’s much more serious than the time we found out its launcher actually could just be installed as an Android app. A group of developers and researchers called Rabbitude says it discovered API keys hardcoded in the company’s codebase, putting sensitive information at risk of falling into the wrong hands.
These keys essentially provided access to Rabbit’s accounts with third-party services like its text-to-speech provider ElevenLabs and — as confirmed by 404 Media — the company’s SendGrid account, which is how it sends emails from its rabbit.tech domain. According to Rabbitude, its access to these API keys — particularly the ElevenLabs API — meant it could access every response ever given by R1 devices. That is Bad with a capital B.
Rabbitude published an article yesterday saying that it gained access to the keys over a month ago but that despite knowing about the breach, Rabbit did nothing to secure the information. Since then, the group says its access to most of the keys has been revoked, suggesting that the company rotated them, but as of earlier today, it still had access to the SendGrid key.
Rabbit hasn’t responded to my request for comment on the security breach, though it offered a general statement yesterday on its Discord server: “Today we were made aware of an alleged data breach. Our security team immediately began investigating it. As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details.”
Following its much-hyped launch this spring, the Rabbit R1 proved itself to be a disappointment. Battery life was bad, its feature set was bare-bones, and its AI-generated responses often contained errors. The company issued a software update in short order fixing bugs like the battery drain and has continued to release updates since then, but the R1’s core problem of overpromising and massively underdelivering remains unchanged. And a serious security breach like this makes it much harder to win back public trust.