The Rabbit R1 AI gadget has been underwhelming, overhyped, and unreliable. Unfortunately, it looks like the product has a major vulnerability that Rabbit hasn’t fixed yet.

A team of security researchers collectively known as Rabbitude reported that it gained access to Rabbit’s codebase on May 16 and discovered several hardcoded API keys. These keys are for two text-to-speech systems (ElevenLabs and Azure), Google Maps, and Yelp.

Access to these keys (particularly the ElevenLabs key) apparently allows anyone to engage in a variety of extremely concerning activities. For starters, the Rabbitude team says it allows nefarious actors to read every response any Rabbit R1 gadget has ever given. This includes responses containing personal or sensitive information.

Reading responses is just the beginning

That’s ridiculously bad if confirmed. It doesn’t stop here, though, as the vulnerability apparently allows anyone to brick Rabbit R1s, change the gadgets’ responses, and change the device’s voice.

“We have internal confirmation that the Rabbit team is aware of this leaking of API keys and have chosen to ignore it. The API keys continue to be valid as of writing,” the team explained.

“We will not be publishing any more details out of respect for the users, not the company,” it added.

We’ve asked Rabbit about this apparent flaw and whether it is indeed ignoring the issue. We’ll update the article if/when the company gets back to us. News of this flaw also comes after researchers claimed the Rabbit R1 wasn’t really powered by a so-called large action model as originally claimed. These researchers also got games running on the R1 servers.