The original claim in the code dump is that no ML tools are used at all and the tool is just leaning on Playwright to automate specific actions on a website.

The CEO here is claiming that the ML code is being run outside this code base and that the original claim is being made by someone who doesn't know how the code works.

The CEO's mention of sanitized code isn't as clear to me, that can mean different things. Compiled code can be considered sanitized since it likely isn't human readable, obfuscated code makes that harder, and removing some code all together would be the most effective. The problem with removing code all together is that you would still find code paths that just can't be executed at all, leaving some trail of what code was removed. That wouldn't leak any secrets obviously, but would support the argument that code has been removed and the codebase is being misread.

The code is their "minions" to handle actions on websites. When you ask it to, say, book a trip, and it tries to search AirBnB.

"If someone spends enough time with the login minions they can extract these code"

AKA "Someone will figure out how this worked, but our code is secure, trust us".

The "rabbit hole" they mention is the whole "cloud" system that Rabbit talks about using to manage all of your services and integrations and 'rabbits' you create that run tasks.

So it is a confirmed leak and they are just doing damage control?

It seems to just be a leak of their sandboxed headless browser setup and the API code for controlling it. Obviously such a thing will run arbitrary JS from the web so inevitably there will be something like a browser sandbox exploit, and subsequent dump of its filesystem.

The leak doesn't seem to contain what Rabbit calls the LAM, their purported AI model for interacting with UIs. And what the leakers are claiming is that Rabbit's automation is just handwritten scripts which seems to be completely unsubstantiated. The rabbit secret sauce could still turn out to be a scam but I didn't see anything to corroborate any of the leakers' claims. Grepping the files I found no reference to doordash, uber eats or midjourney, only a path reference to what appears to be a spotify integration library, but the source for that isn't there.

I think it means to say that:

1) The got the code by bruteforcing the login credentials on device.

2) Server-side code is not accessible which is where the LAM runs.

This isn’t likely though, is it? The device is unlikely to be running NodeJS and playwright.

"Shit, shit, shit, shit! Dissemble!"