Marco AlezA 25 -year -old employee in Elon Musk Government efficiency department (DOGE), a sensitive database has been provided in the US Social Security Administration, Treasury and Department of Justice and Homeland Security Department. So all the Americans should fill in a deep sense of confidence to know that in the weekend, Mr. Else inadvertently published a private key, which allowed anyone to interact directly with the four dozen language models (LLM) developed by Musk’s Artificial Intelligence Company. Xai,
Picture: Shuttersk, @SDX15.
On 13 July, Mr. Elj scripted a code to Github called “agent.py”, which included a private application programming interface (API) key for XAI. The inclusion of private key was first flagged off GitguardianA company that specializes in detecting and removing exposed secrets in public and proprietary environment. Gitguardian’s systems continuously scan the Github and other code repository for API keys, and set fire to the affected users automated alerts.
feast“Chief Hacking Officer” on security counseling Seurlis, The exposed API key allowed access to at least 52 separate LLMs used by XAI. The most recent LLM in the list was called “Grok-4-0709” and was made on 9 July 2025.
Ravine, Liberal ai chatboat Developed and integrated into Twitter/XThese and other LLMs depend on (a query for the grake before publication suggests that Groke currently uses Groke -3, which was launched in Furry 2025). Earlier today, Xai Announced Will start using Groke as part of Defense Department Contract up to $ 200 millionContract awards came less than a week after the start of Groke Calling Antisemitic Rents and Adolf Hitler,
Mr. Else did not respond to the remarks request. Code repository containing private XAI key was removed by Caturegali via email immediately after informing Elies. However, Caturegli said that the exposed API key still works and has not been canceled yet.
“If an API key cannot keep an API key private, then the question raises the question of how they are handling more sensitive government information behind closed doors,” Catugali told Krebsnascurity.
Before joining Dogge, Marco Alez Worked for many musk companies. His Dogi career started in the Treasury Department, and a legal battle on Dogi’s reach for the Treasury database revealed that Alez was sending individual information In violation of agency policies,
Still in Treasury, Alex resigns The Wall Street Journal Join him with social media posts He advocated racism and eugenics. When? Vice President JD Vance Advocated to re -prepare Alex, President Trump Agreed and Kasturi restored him.
Since hiring him again as a Dogi employee, Alex has been provided access to a database in one after the other. Tekkachchan Reported in February 2025 He was working in social security administration. in March, Commercial insider found The Alex was part of a Dogi troop handed over to the labor department.
Marco Alge in a photo from a social media profile.
In April, the new York Times Informed That Alex captured the posts U.S. Customs and Border Protection And this Immigration and Customs Enforcement (Ice) Bureau, as well as Homeland Security Department. Washington Post Later Informed Serving that Alez, while serving as a dog consultant Department of JusticeThe immigration review courts and the Appeal System (EACS) had access to the Executive Office.
Elez is not the first Doge worker to publish internal API key for XAI: In May, Krebsonsecurity expanded how another DOGE employee leaked a private Xai key on GITHUB for two months, exposed LLM, which was customary to work with internal data from Mask companies including SpaceX, Tesla and Twitter/X.
CATUREGLI said that it is difficult to rely on someone with access to confidential government systems when they cannot even manage the basics of operational safety.
“A leakage is a mistake,” he said. “But when the same type of sensitive key is repeatedly exposed, it is not just a bad luck, it is a sign of deep negligence and a broken security culture.”
