【】

发布时间：2025-07-06 03:26:30 作者：玩站小弟

"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called R 。

"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called Rabbitude.

Rabbit and its R1 AI device has already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.

SEE ALSO:I tested Rabbit R1 vs. Meta AI: The winning AI assistant will surprise you

The report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.

The following day (June 26) Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.

But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.

If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is at best, not worth the money, and at worst, incapable of keeping your data private.

TopicsArtificial IntelligencePrivacy

Tag：

The five guys who climbed Australia's highest mountain, in swimwear
Climbing a freezing cold mountain is already hard enough work. But in briefs? Nope.。It's too late fo
2025-07-06
丹朱馬：贏拜仁？還有進步空間基米希：0
丹朱馬：贏拜仁？還有進步空間基米希：0-1可以了_比賽_事情_埃梅裏www.ty42.com 日期:2022-04-07 08:01:00| 評論(已有339612條評論)
2025-07-06
曝FIFA計劃2022世界杯變革常規時間延長至100分鍾
曝FIFA計劃2022世界杯變革常規時間延長至100分鍾_國際足聯_蒂諾_比賽www.ty42.com 日期:2022-04-06 21:01:00| 評論(已有339569條評論)
2025-07-06
青島記者：青島隊基本確定退出中甲俱樂部高層已默認
青島記者：青島隊基本確定退出中甲俱樂部高層已默認_參賽_賽季_中國足協www.ty42.com 日期:2022-04-06 10:31:00| 評論(已有339477條評論)
2025-07-06
Wikipedia co
The group behind a growing list of celebrity social media breaches has struck again, this time takin
2025-07-06
馬內連場KO薩拉赫後超傑拉德紅軍進四強已無懸念
馬內連場KO薩拉赫後超傑拉德紅軍進四強已無懸念_利物浦_歐冠_國米www.ty42.com 日期:2022-04-06 07:01:00| 評論(已有339420條評論)
2025-07-06

熱點

娛樂

休閑

百科

綜合

焦點

探索

知識

【】

相关文章

最新评论

文章分类

大家感兴趣的内容

最近更新的内容

友情链接