Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk’s artificial intelligence company xAI.
On July 13, Mr. Elez committed a code script to GitHub called “agent.py” that included a private application programming interface (API) key for xAI. The inclusion of the private key was first flagged by GitGuardian, a company that specializes in detecting and remediating exposed secrets in public and proprietary environments. GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users.
Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, said the exposed API key allowed access to at least 52 different LLMs used by xAI. The most recent LLM in the list was called “grok-4-0709” and was created on July 9, 2025.
Idk if I missed it, but I don’t see any info about the repo itself besides the ‘agent.py’ file the key was committed to. Was the repo a government repo? Personal and public?
I don't think an article writing for an audience that needs API defined is the place to get the finer details. Also, does it really matter? Keeping secrets out of the repo is pretty basic stuff, so there's a lack of fundamental information security awareness.
I'd bet all the monies that there's a bunch of unencrypted spreadsheets with enough data to steal millions of identities on some idiot's Google Drive or whatever, and a bunch of it's been shared with commercial LLMs without any of our consent. Our personal data's being handled less securely than the average corporate SharePoint site's plans for the next pizza party.