A leaked xAI security key could put your data at risk — here's what happened

Tom's Guide, 2 days ago
A federal government employee has reportedly leaked a sensitive API key linked to Elon Musk's xAI platform — and it could have serious implications for both national security and the future of AI development.
According to a report from TechRadar, Marko Elez, a 25-year-old software developer with the Department of Government Efficiency (DOGE), accidentally uploaded xAI credentials to GitHub while working on a script titled agent.py.
That key granted access to at least 52 private large language models from xAI, including the latest version of Grok (grok-4-0709), a GPT-4-class model powering some of Musk's most advanced AI services.
The exposed credentials remained active for a concerning period of time, raising major questions about access control, data security, and the growing use of AI across U.S. government systems.
Elez had high-level clearance and access to sensitive databases used by agencies like the Department of Justice, Homeland Security and the Social Security Administration.
If the xAI credentials were abused before being revoked, it could open the door to misuse of powerful language models, from scraping proprietary data to impersonating internal tools.
This incident follows a string of DOGE-related security lapses and adds to a growing chorus of criticism over how the agency, formed under Elon Musk's influence to improve government efficiency, manages internal safeguards.
The leaked key was embedded in a GitHub repository owned by Elez and exposed publicly. It provided backend access to xAI's model suite, including Grok-4, without any apparent usage restrictions. Researchers who discovered the leak were able to confirm its validity before the repository was taken down, but not before it could have been scraped by others.
The most recent Grok models are used not only for public-facing services like X (formerly Twitter) but also within Musk's federal contracts. This means the API leak may have inadvertently created a potential attack surface across both commercial and governmental systems.
This is a warning sign that AI tools with enormous power are being handled casually, even those held by government insiders.
Philippe Caturegli, CTO at cybersecurity firm Seralys, told TechRadar: 'If a developer can't keep an API key private, it raises questions about how they're handling far more sensitive government information behind closed doors.'
Elez has been involved in previous DOGE controversies, including inappropriate social media behavior and apparent disregard for cybersecurity protocols.
At the time of writing, xAI has not issued a statement, and the leaked API key has not been officially revoked, according to reports. So as of now, xAI hasn't disabled that key, making it a continuing security concern.
Meanwhile, government officials and watchdogs are calling for stricter credential management policies and better oversight of tech collaborations involving high-stakes AI infrastructure.
While this breach may not immediately affect the average user, it highlights a broader issue: the increasingly blurred lines between public and private AI development, and the very real need for transparency, accountability, and better data hygiene in both sectors.
For now, the key takeaway is this: as AI systems become more powerful, the humans behind them must be even more careful. As we are already seeing, one careless upload could unlock a world of risk.