Developers and researchers from Rabbitude have revealed a serious security flaw in Rabbit's R1 AI gadget. They discovered hardcoded API keys in Rabbit's codebase, risking sensitive information being accessed by unauthorized individuals. These keys provided access to Rabbit's accounts with third-party services like ElevenLabs and SendGrid, allowing access to user responses from R1 devices. Despite being aware of the breach over a month ago, Rabbit failed to secure the information promptly. While some keys have been revoked, Rabbitude still has access to the SendGrid key as of earlier today. Rabbit has not responded to inquiries about the breach but released a statement on Discord denying any customer data leakage. This breach highlights the importance of robust cybersecurity measures for companies handling sensitive user data to prevent unauthorized access and potential data breaches.