U.S. Government Employee Exposes Sensitive API Key Linked to Elon Musk’s xAI

A government employee with access to sensitive U.S. government systems has inadvertently exposed a private API key tied to Elon Musk’s xAI chatbot, raising concerns about data security and the handling of classified information. Marko Elez, a special government employee who has worked on critical systems at the U.S. Treasury, Social Security Administration, and Homeland Security, reportedly published the key on his GitHub account. The key provided unauthorized access to dozens of xAI models, including Grok, potentially compromising their functionality and security. Security expert Philippe Caturegli of consultancy firm Seralys identified the leak and alerted Elez earlier this week. While Elez promptly removed the key from his repository, the key itself was not revoked, leaving the AI models vulnerable to unauthorized access. Caturegli emphasized the seriousness of the incident, stating, “If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors.” The incident underscores the risks associated with managing sensitive digital assets and highlights the need for stricter security protocols, particularly for individuals with access to critical government systems. As concerns about data breaches and cybersecurity grow, this case serves as a reminder of the potential consequences of lapses in digital security, even among those entrusted with safeguarding sensitive information.

Published: 7/15/2025