TZUTC: -0500   
   MSGID: 1238.consprcy@1:2320/105 2cde3ee1   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   DOGE employee leaks private xAI API key from sensitive database   
      
   Date:   
   Wed, 16 Jul 2025 18:30:00 +0000   
      
   Description:   
   The staffer had access to millions of Americans personal data.   
      
   FULL STORY   
      
   A staffer with access to the personal data of millions of Americans has   
   apparently leaked the API Key to at least four dozen LLMs developed by   
   artificial intelligence company xAI, including Xs (formerly Twitter) own   
   chatbot Grok.    
      
   Security expert Brian Krebs revealed Marko Elez, an employee at Elon Musks   
   Department of Government Efficiency, had access to sensitive databases at the   
   US Social Security Administration, Justice, and Treasury departments as part   
   of DOGEs work in 'streamlining' the departments to increase efficiency.    
      
   Ironically, researchers recently uncovered that a DOGE workers credentials   
   were exposed by infostealing malware , so DOGEs security record so far is    
   less than impressive.    
      
   A code script was committed to GitHub named agent.py that included a private   
   application programming interface (API) key for xAI by Elez. This was first   
   flagged by GitGuardian, a firm which scans GitHub for API secret tokens,   
   database credentials, and certificates - and alerts affected users.    
      
   The exposed API key allowed access to at least 52 different LLMs used by xAI,   
   with the most recent being an LLM called grok 4-0709, created on July 9, 2025   
   - according to Chief Hacking Officer at security consultancy Seralys,    
   Philippe Caturegli.    
      
   Caturegli warned KrebsOnSecurity, If a developer cant keep an API key    
   private, it raises questions about how theyre handling far more sensitive   
   government information behind closed doors.    
      
   The code repository that contains the private API key has since been removed   
   after Elez was notified by email of the leak, however, the key still works    
   and has not yet been revoked, so the issue is far from resolved.    
      
   This is not the first time internal xAI APIs have been leaked, with LLMs made   
   for Musks other organisations, like SpaceX, Tesla, and Twitter/X exposed   
   earlier in 2025, Krebs confirmed .    
      
   One leak is a mistake, Caturegli said, But when the same type of sensitive    
   key gets exposed again and again, its not just bad luck, its a sign of deeper   
   negligence and a broken security culture.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/doge-employee-with-sensitive-database-a   
   ccess-leaks-private-xai-api-key   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426