[kotaKat]

The code is their "minions" to handle actions on websites. When you ask it to, say, book a trip, and it tries to search AirBnB.

"If someone spends enough time with the login minions they can extract these code"

AKA "Someone will figure out how this worked, but our code is secure, trust us".

The "rabbit hole" they mention is the whole "cloud" system that Rabbit talks about using to manage all of your services and integrations and 'rabbits' you create that run tasks.

[saltsaman]

So it is a confirmed leak and they are just doing damage control?

[rhinoceraptor]

It seems to just be a leak of their sandboxed headless browser setup and the API code for controlling it. Obviously such a thing will run arbitrary JS from the web so inevitably there will be something like a browser sandbox exploit, and subsequent dump of its filesystem.

The leak doesn't seem to contain what Rabbit calls the LAM, their purported AI model for interacting with UIs. And what the leakers are claiming is that Rabbit's automation is just handwritten scripts which seems to be completely unsubstantiated. The rabbit secret sauce could still turn out to be a scam but I didn't see anything to corroborate any of the leakers' claims. Grepping the files I found no reference to doordash, uber eats or midjourney, only a path reference to what appears to be a spotify integration library, but the source for that isn't there.