R1 Jailbreakers Discover Major Security Vulnerability in Rabbit's Code

Rabbit and its R1 AI gadget are facing serious scrutiny again, this time due to a critical security flaw. A group of developers and researchers known as Rabbitude has revealed that it discovered hardcoded API keys within Rabbit's codebase, jeopardizing sensitive information. These keys provided access to Rabbit's accounts with third-party services, including ElevenLabs, its text-to-speech provider, and SendGrid, which Rabbit uses to send emails from its rabbit.tech domain.

According to Rabbitude, its access to the ElevenLabs API allowed it to retrieve every response generated by R1 devices, which poses a significant risk. The group reported gaining access to these keys over a month ago, and despite notifying Rabbit, the company initially took no action to secure the information. While some access to the keys has since been revoked, Rabbitude still retained access to the SendGrid key as of today.

In response to this incident, Rabbit directed inquiries to a statement on its website. Company spokesperson Ryan Fenwick mentioned that they are updating the page to provide timely information. The statement reiterates a message shared on Rabbit’s Discord channel, indicating that the company is investigating the breach but has yet to identify any compromise of critical systems or customer data.

Despite its promising launch this spring, the Rabbit R1 has struggled with several issues, including poor battery life and a lack of essential features. While Rabbit has released software updates to address bugs, including battery drain, the core problem of underdelivering on expectations remains unaddressed. This recent security breach further complicates efforts to regain public trust.
