Rabbit, the company behind perfunctory and potential problems Rabbit R1, now claims that a fired employee gave hackers and developers collective access to all of its various API keys, allowing them to read users’ AI prompts and serve them from the company’s own email The device sends the message. The makers of the AI trick are still calling out “outside critics” while praising the effectiveness of R1’s safety. Still, their efforts don’t appear to be an end to ongoing cybersecurity problems.
Back in June, a team of white hat hackers and developers called themselves Rabbitude issued a damning report Claims they have access to many of Rabbit’s internal code libraries and can use many hard-coded API keys. This includes the company’s key to connect to text-to-speech service ElevenLabs, which allows them to view all of a user’s past text-to-speech messages. Rabbit first denied the issue but later changed its API key.
A Rabbit spokesperson wrote in an email to Gizmodo: “In June, an employee (now fired) leaked API keys to a self-proclaimed ‘hacktivist’ group, which wrote a paper An article claimed that they had access to Rabbit’s internal source code and some API keys. Rabbit immediately revoked and rotated those API keys and moved other secrets to AWS Secrets Manager.
The company continues to claim that the hack occurred in June. Rabbitude still insists it has had access to the code library and API keys since May. The hacker collective claimed that Rabbit was aware of the API issue but chose to ignore it until Rabbitude released its findings the next month.
In a Signal chat, a Rabbitude hacker named Eva disputed Rabbit’s alleged timeline of events, saying: “We’ve had access for over two months.” They declined to comment on Rabbit’s claims, citing “legal reasons.” Former employees commented on the allegations, but they still mocked Rabbit for choosing to hardcode API keys.
“Even if they are insiders, they should not hardcode the key in the code, because this means that any employee can access the user’s production information, even if the information is not compromised,” Eva said.
Rabbit initially denied there was a problem with the code base and API keys. To prove they had access, members of Rabbitude Sent an email From the AI device company’s internal email server to Gizmodo and multiple points of sale. Rabbit later changed all API keys to block access. The company ultimately said in a statement Press release “The only misuse of these keys was sending defamatory emails to Rabbit employees” and “a small number of journalists who encouraged the hacking.”
Rabbit claims its system is always reliable
The problem was never that hackers got hold of sensitive Rabbit R1 user data, but that anyone on the Rabbit team had access to that information in the first place. Rabbitude noted that the company should never hardcode its API keys because this would allow too many people internal access. Rabbit still seems to be covering up the issue, while constantly disparaging the developer community by referring to “self-proclaimed hacktivists” or journalists who first pointed out the problem.
Even after Rabbitude published its findings, questions continued to mount. Last month, the device maker shared The security issues with the Rabbit R1 are even more troubling. The company says users’ responses are saved to their devices and won’t be deleted even after they log out of their Rabbit Hole account. This means that user responses can be accessed via “jailbreaking” after the device is sold. Rabbit is limiting the amount of data stored on the device. Since Rabbit released the device in late April, users have finally had the option to factory reset the device through settings.
Rabbit hired cybersecurity firm Obscurity Labs to conduct penetration testing on Rabbit’s backend and the R1 device itself. The company conducted testing between April 29 and May 10, before the safety controversy first emerged. Obscurity Labs published Report This week, we described how they used some very basic attacks to gain access to the Playwright script at the heart of the R1 system, but not the source code or credentials that would allow users to access their Uber or DoorDash accounts.
In an email to Gizmodo, Rabbit again claimed that the company’s source code had not been leaked. A spokesperson for the company said that reports show that their security measures “are working as expected to fully reduce the potential impact of the attack.” The company further claims that when the hackers accessed Rabbit’s systems, “they were unable to access any substantive information, including Sensitive or other valuable information.”
Critics were not entirely reassured. The report explicitly did not test how Rabbit stores a user’s session token. After some critics complained, Obscurity Labs updated its report, saying the system was “out of scope” because Rabbit used a third-party company to keep that data secret. For their part, Rabbitude said members said the report didn’t really address their concerns.
“I wouldn’t even call it a penetration test,” Eva said.
