Rabbit reveals data breach was caused by employee leaking API keys

AI companion company revokes API keys leaked by rogue employee

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The company behindrabbit r1, a sort of vague AI assistant device, has thwarted “a self-proclaimed ‘hacktivist’ group that was passed API keys by a rogue employee.

Having a company name starting with a lowercase letter may be deeply embarrassing, but don’t hold that against its security team (except when you should).

In ablog post,rabbit revealed all offending API keys had been revoked, and claims by the group to have access to source code are unfounded.

API issues

API issues

Discussing the results of athird-party code review from Obscurity Labs, rabbit explained, “Obscurity Labs’ findings show that, among other findings, no source code for our AI agent was exposed, no sensitive or valuable information was available to an attacker, and authentication tokens that are collected when you log in do not contain the actual username and password being typed.”

In the simplest of terms, alphanumeric API keys allow for the functionality of a piece of software to be called within another by a developer. The issuing of keys by an API provider helps restrict access, as well as monitor the extent of access being given.

Whilewe’re all for employees going rogue and keeping life interesting, we must regretfully award nul points in this instance, because just as API keys can be bred like rabbits, they can also, clearly, be culled likeWatership Down.

The trouble is that the company’s marketing department ought to take notes, as I have no idea what a ‘rabbit r1’ even is. It takes a ‘learn more’ link and scrolling three-quarters down the page to reveal that it’s a kind of virtual assistant - or ‘pocket companion’, as the company insists on calling it.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Other features, including something called ‘teach mode’ that they do not explain, are ‘undergoing beta testing’, which is the kind of Icarus-tier optimism from deluded tech men (it’s always men, but I did flick through the keynote and it is actually men here) that we love.

The rabbit mascot is cute, but, for $199, I need more than that. This is just whatbusiness smartphonesare now, and the reviewer for TechRadarcouldn’t help pointing outthat the rabbit r1 is ‘not good for much’, and that they were ‘constantly reaching for [their] phone’ anyway.

Overall, I think it’s good that rabbit has competent security engineers and public relations writers who can explain the ins and outs of that security in a simple, digestible way.

More from TechRadar Pro

Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case