Article 6NT2S A group of R1 jailbreakers found a massive security flaw in Rabbit’s code

A group of R1 jailbreakers found a massive security flaw in Rabbit’s code

by
Allison Johnson
from The Verge - All Posts on (#6NT2S)
Rabbit_R1_screen.0.jpeg Researchers say Rabbit left secure data vulnerable to bad actors. | Photo: David Pierce / The Verge

Rabbit and its R1 AI gadget are under fire again, and it's much more serious than the time we found out its launcher really could just be installed as an Android app. A group of developers and researchers called Rabbitude says it discovered API keys hardcoded in the company's codebase, putting sensitive information at risk of falling into the wrong hands.

These keys essentially provided access to Rabbit's accounts with third-party services like its text-to-speech provider ElevenLabs and - as confirmed by 404 Media - the company's SendGrid account, which is how it sends emails from its rabbit.tech domain. According to Rabbitude, its access to these API keys - particularly the ElevenLabs API - meant it could access every response ever...

Continue reading...

External Content
Source RSS or Atom Feed
Feed Location http://www.theverge.com/rss/index.xml
Feed Title The Verge - All Posts
Feed Link https://www.theverge.com/
Reply 0 comments