$200 vibrant orange minimalist An AI prop called Rabbit R1 It promised to be a reliable AI companion, but in reality Incomplete, unfinished machine But according to a group of white hat hackers, the situation is even worse than that. Ravitude They claim that for over a month they had access to all of Rabbit R1’s codebase API keys and were able to peer into all of Rabbit’s responses, including sensitive information provided to the AI.
So, if you’re one of those hares who’s still jumping at the chance to use the Rabbit R1, you should stop using it immediately.
Rabbitude claims to have gained access to Rabbit’s codebase on May 16. The team also shared API keys that allow Rabbit to connect to Google Maps and Yelp, giving the AI model access to local reviews and directions. ElevenLabs KeyThis is the system Rabbit uses for text-to-speech. This last feature is particularly important for the day-to-day operation of Rabbit, as it allows a hacker to get a history of all your past text-to-speech messages or block your device by deleting the audio entirely.
After the hacker group published their findings late Tuesday, one of their members, who goes by the name Eva online, said that ElevenLabs temporarily disabled the ElevenLabs API key and shut down all Rabbit devices for a time until they were back online. They said “Rabbit knew about it but did nothing to fix it.”
Gizmodo reached out to Rabbit for comment early Wednesday morning but did not immediately receive a response. Engadget The company said it was aware of the alleged breach but was “not aware that any customer data was leaked or that our systems were compromised.” Gizmodo also asked Rabbit if it had revoked the API keys and will update this article if it learns more.
Rabbit R1 is already prone to outages due to its heavy reliance on cloud services that the Rabbit team does not have direct control over, with ChatGPT experiencing a temporary outage last month. Rendered the device completely uselessGizmodo was unable to independently confirm whether interference with the ElevenLabs API caused Rabbit to be taken offline. We’ve reached out to the hacker team for evidence and comment, and will update this article if we learn more.
Tech blogger Ed Zitron has already detail The company’s transformation from a crypto metaverse project to an AI device. YouTuber Coffeezilla He also analyzed some of the more worrying aspects of the device, including “serious data privacy concerns” after looking at Rabbit’s codebase. He mentioned “something that a bad actor could use to access every response R1 has ever returned.”
In the Rabbitude Discord, the team claims that they’ve been working with CoffeeZilla since gaining access to the codebase over a month ago. The team further states, “This is real. Rabbit can make excuses all they want, but this is real and it happened. They had a month to change the keys and they didn’t. This is their fault.”
