404 Media: Researchers Find Exposed API Keys in Rabbit AI, Access All R1 Responses

Jun 26, 2024, 02:37 PM

Researchers have discovered that Rabbit AI left critical API keys hardcoded and exposed in its code. These keys, which include those for ElevenLabs, Azure, Yelp, and Google Maps, allow access to all responses ever given by Rabbit's AI assistant, R1. The researchers demonstrated their access to Rabbit's backend by emailing using Rabbit administrator accounts. Despite being aware of the issue for a month, Rabbit has not taken action to rotate the API keys, according to 404 Media.