If you own a Rabbit R1, be sure to install the new July 11th software update that addresses some concerning issues. Since its launch, the Rabbit R1 AI assistant device has been storing users’ chat logs on-device with no way to erase them, according to a company security bulletin. Rabbit is now addressing the issue with a software update that includes a new Factory Reset option in settings to wipe the device. Previously, users could only unlink their accounts from the R1, which did not erase all user data.

The update introduces the ability to fully delete local user data and addresses another concerning behavior. Previously, stored pairing data allowed the R1 hardware to read and add to the Rabbithole journal, meaning a stolen and hacked R1 could potentially access users’ saved requests, photos, and more. With the update, pairing data can no longer read the journal and is not logged to the device, and Rabbit has reduced the amount of log data stored on the device. The company states there is “no indication that pairing data has been abused to retrieve Rabbithole journal data belonging to a former device owner.”

Rabbit’s security bulletin suggests the issue is relatively minor, using an example of a stolen and jailbroken R1 revealing the last weather log asked by the original owner. Last month, security researchers discovered API keys hardcoded in the company’s codebase. Following the report, Rabbit traced the leak to an employee who has since been terminated and is under investigation.

The company promises to improve security practices and prevent similar issues in the future, stating it is performing a full review of device logging practices to ensure they align with its standards “set in other areas.”