A Rabbit R1 security flaw exposes user data, the company responds amid controversy

Rabbit has responded to these allegations by referring to the incident as an "alleged data breach"

Sources from the Rabbitude community state that a serious security flaw has been found in the Rabbit R1 AI device, potentially risking user data. According to the group, they have discovered important hardcoded API keys in the Rabbit R1 software, which would have allowed unauthorized access to private data and user interactions. Access to services like Azure's speech-to-text systems and ElevenLabs' text-to-speech systems was apparently made available by these keys.

The Rabbitude team claims that even though Rabbit was aware of the problem for a month, it did nothing to address it immediately. Rabbit allegedly only withdrew one of the accessible API keys after the problem was made public, which caused a temporary disruption in R1 device functionality. Rabbit has responded to these allegations by referring to the incident as an "alleged data breach" and stated that an investigation is being conducted by its security team. The company, however, insists that there is currently no proof of a system breach or release of consumer data. However, whether Rabbit had removed all API keys found by the Rabbitude team is still ambiguous.

Users and interested parties are waiting for Rabbit to provide more information as the investigation progresses about the reliability of the R1 devices and any possible effects on user privacy.