Rabbit and its R1 AI gadget are facing serious security issues after the developer group Rabbitude found hardcoded API keys in its codebase. These keys gave access to Rabbit’s third-party services, including its text-to-speech provider and email service, exposing sensitive data. Rabbitude reported the breach over a month ago, but Rabbit took no immediate action. Although most keys have now been revoked, access to some, like the SendGrid key, persisted until recently. Rabbit claims to be investigating the incident but has not found any compromise of critical systems or customer data. This follows the R1’s disappointing launch, plagued by poor battery life, limited features, and error-prone AI responses, making it difficult for the company to regain public trust.
Read more – https://www.theverge.com/2024/6/26/24186614/rabbit-r1-security-flaw-api-key-codebase
