Researchers have discovered a security issue in the Rabbit R1 AI device: critical API keys were hardcoded and exposed, potentially allowing access to all user responses. The exposed keys could lead to unauthorized access to personal information and sensitive data stored in the device's backend.
Researchers Prove Rabbit AI Breach By Sending Email to Us as Admin https://t.co/5CfEN4fdM9
Silly Rabbit R1, Trix are for kids! Rabbit R1 AI's hardcoded API keys exposed sensitive data, allowing hackers to access responses, text-to-speech, and email services, potentially impersonating the company. Source: 404Media Co https://t.co/r3RKfF7ei4
A group of R1 jailbreakers found a massive security flaw in Rabbit’s code https://t.co/4L4QJEyosq
Rabbit R1 AI Device Exposed by API Key Leak https://t.co/RRjES2xJaG
➡️ Security breach! Rabbit R1 AI Device exposed due to an API key leak. https://t.co/0TcliSchmm
Researchers in Rabbit R1's jailbreaking community say Rabbit left critical API keys hardcoded in its code, which would let hackers use Rabbit's internal systems (@jason_koebler / 404 Media) https://t.co/l1QWkXnCqf https://t.co/usOinf3Wbi
Rabbit R1 security vulnerability allows third parties to view private AI responses https://t.co/7hFa4JaUpd by @chaosromero
Rabbit AI left critical API keys hardcoded and exposed in its code, which researchers claim would allow them to see "all Rabbit R1 responses ever given": https://t.co/PK6zbVveLj
the researchers who found the exposed Rabbit R1 API keys say they could see every response ever given to users. This is such a wild possibility for an AI assistant that's constantly responding to questions from users. That's what it's for! https://t.co/1GfFMwjbCc
NEW: Researchers say Rabbit left critical API keys used by R1 hard coded and exposed. They sent me emails using Rabbit admin accounts to prove this: https://t.co/tblK4hC24w
New from 404 Media: researchers prove they have access to Rabbit AI's backend by emailing us using a Rabbit administrator email. API keys were hardcoded into device, including ElevenLabs, Azure, Yelp, Google Maps. Say could see "all Rabbit R1 responses" https://t.co/Y7KqAFCBsK https://t.co/pKs0sdxkLl
Rabbit R1 security issue allegedly leaves sensitive user data accessible to anybody https://t.co/0jNjsiZ0SB
“rabbit has known that we have had their api key for a month, but they have taken no action to rotate the api keys. […] these keys allow anyone to: read every response every r1 has ever given, including ones containing personal information” Not good. https://t.co/gHbAtSCKIu