Latest news with #Elez
Tom's Guide
3 days ago
- Tom's Guide
A leaked xAI security key could put your data at risk — here's what happened
A federal government employee has reportedly leaked a sensitive API key linked to Elon Musk's xAI platform — and it could have serious implications for both national security and the future of AI development. According to a report from TechRadar, Marko Elez, a 25-year-old software developer with the Department of Government Efficiency (DOGE), accidentally uploaded xAI credentials to GitHub while working on a script titled That key granted access to at least 52 private large language models from xAI, including the latest version of Grok (grok‑4‑0709), a GPT-4-class model powering some of Musk's most advanced AI services. The exposed credentials remained active for a concerning period of time, raising major questions about access control, data security, and the growing use of AI across U.S. government systems. Elez had high-level clearance and access to sensitive databases used by agencies like the Department of Justice, Homeland Security and the Social Security Administration. If the xAI credentials were abused before being revoked, it could open the door to misuse of powerful language models, from scraping proprietary data to impersonating internal tools. This incident follows a string of DOGE-related security lapses and adds to a growing chorus of criticism over how the agency; formed under Elon Musk's influence to improve government efficiency, manages internal safeguards. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. The leaked key was embedded in a GitHub repository owned by Elez and exposed publicly. It provided backend access to xAI's model suite, including Grok-4, without any apparent usage restrictions. Researchers who discovered the leak were able to confirm its validity before the repository was taken down, but not before it could have been scraped by others. The most recent Grok models are used not only for public-facing services like X (formerly Twitter) but also within Musk's federal contracts. This means the API leak may have inadvertently created a potential attack surface across both commercial and governmental systems. This is a warning sign that AI tools with enormous power are being handled casually, even those held by government insiders. Philippe Caturegli, CTO at cybersecurity firm Seralys, told TechRadar: 'If a developer can't keep an API key private, it raises questions about how they're handling far more sensitive government information behind closed doors.' Elez has been involved in previous DOGE controversies, including inappropriate social media behavior and apparent disregard for cybersecurity protocols. At the time of writing, xAI has not issued a statement, and the leaked API key has not been officially revoked, according to reports. So as of now, xAI hasn't disabled that key, making it a continuing security government officials and watchdogs are calling for stricter credential management policies and better oversight of tech collaborations involving high-stakes AI infrastructure. While this breach may not immediately affect the average user, it highlights a broader issue: the increasingly blurred lines between public and private AI development, and the very real need for transparency, accountability, and better data hygiene in both sectors. For now, the key takeaway is this: as AI systems become more powerful, the humans behind them must be even more careful. As we are already seeing, one careless upload could unlock a world of Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
TechCrunch
5 days ago
- TechCrunch
DOGE staffer with access to Americans' personal data leaked private xAI API key
In Brief A DOGE staffer with access to the private information on millions of Americans held by the U.S. government reportedly exposed a private API key used for interacting with Elon Musk's xAI chatbot. Independent security journalist Brian Krebs reports that Marko Elez, a special government employee who in recent months has worked on sensitive systems at the U.S. Treasury, the Social Security Administration, and Homeland Security, recently published code to his GitHub containing the private key. The key allowed access to dozens of models developed by xAI, including Grok. Philippe Caturegli, founder of consultancy firm Seralys, alerted Elez to the leak earlier this week. Elez removed the key from his GitHub but the key itself was not revoked, allowing continued access to the AI models. 'If a developer can't keep an API key private, it raises questions about how they're handling far more sensitive government information behind closed doors,' Caturegli told KrebsOnSecurity.
Boston Globe
16-04-2025
- Business
- Boston Globe
Musk's team is building a system to sell ‘Gold Card' immigrant visas
In late February, Trump announced his idea for a gold card to give 'very high-level people' a 'route to citizenship.' Advertisement The president and Commerce Secretary Howard Lutnick provided few details at the time about who would qualify for the program but noted that it would replace the EB-5 visa, which grants permanent residence to foreign nationals willing to invest in U.S. businesses. That program provided green cards to individuals who invested either $800,000 or $1.05 million, creating at least 10 jobs for American workers. It raised about $4 billion for the federal government last year. Get Starting Point A guide through the most important stories of the morning, delivered Monday through Friday. Enter Email Sign Up The gold card project is being led from the DOGE side by Marko Elez and Edward Coristine, who have been working on it since at least last month. Elez and Coristine have met with officials at various agencies that oversee facets of the visa and immigrant vetting process to understand which existing processes can be incorporated into their new system. Advertisement The State Department referred requests for comment to the White House. The White House and Department of Homeland Security did not respond to requests for comment. Lutnick said on a podcast last month that he had sold 1,000 of the visas 'yesterday.' But a person close to the project said no money had been exchanged yet. 'So if you have a gold card -- which used to be a green card -- you're a permanent resident of America,' the commerce secretary said, suggesting that most holders would not go on to become U.S. citizens. He added, 'They pay $5 million, and they have the right to be an American and the right to be in America as long as they're good people and they're vetted and they can't break the law.' Musk is building the software 'right now' and the program will be unveiled in two weeks, Lutnick added. Earlier this month, Trump showed a laminated card, featuring his face, the Statute of Liberty and a bald eagle, to reporters aboard Air Force One and said it would be out in 'less than two weeks.' On Thursday, Lutnick updated the timeline, saying the gold card would be ready 'within a week and a half.' The engineers are still assessing how to create a gold card system that would bypass the normal visa application process, which varies but can take years. They have focused on how to expedite the typical immigrant vetting process, which involves interviews and background checks, and obtain residency approval for high-net-worth applicants within two weeks of applying. Elez faced a storm of controversy earlier this year after The Wall Street Journal linked him to a pseudonymous account on social platform X with racist posts and calls for immigration policy based on eugenics. Advertisement Elez resigned in February after the report, prompting Trump and Vice President JD Vance to call for his rehiring. Since then, Elez has worked for five government agencies, including the Labor Department and Department of Health and Human Services, according to court filings, as well as the Social Security Administration. Before joining Musk's team, Coristine, a 19-year-old who publicly goes by 'Big Balls,' was fired in June 2022 from an internship at Path, an Arizona-based data security company, after 'an internal investigation into the leaking of proprietary company information that coincided with his tenure,' the company said in a statement. Joe Gebbia, a billionaire co-founder of Airbnb, has also been involved with the project, according to people close to the conversations. He joined Musk's team in February, initially to help digitize the federal worker retirement process. Elez, Coristine and Gebbia did not respond to requests for comment. This article originally appeared in
Yahoo
01-04-2025
- Politics
- Yahoo
DOGE staffer who resigned over past social media posts reinstated with higher access: Filing
A Department of Government Efficiency (DOGE) staffer who resigned over racist posts that resurfaced on social media last month was reinstated to oversee the slashing of waste, fraud and abuse in March under the agency led by Elon Musk, according to court filings. Marko Elez, 25, allegedly relinquished access to sensitive systems being reviewed by DOGE in early February as divulged by the White House. However, he was listed as a staffer in a lawsuit that required the Trump administration to reveal the identity of the agency's hired workers. Legal documents categorize Elez as a Department of Labor employee detailed to the United States DOGE Service and Department of Health and Human Services (HHS) since March 5. Filings say he had access to the federal directory of new hires, general ledger accounting system and contract writing system at HHS. 'Mr. Elez was granted read-only access to the above-listed systems in furtherance of the DOGE EOs [executive order] directive to identify waste, fraud, and abuse and to modernize government technology and software to increase efficiency and productivity,' according to court documents. 'Mr. Elez's access to the above referenced CMS systems has been disabled. Mr. Elez has not modified, copied and shared with any unauthorized users, or removed any records from any of the systems he has actually accessed,' it reads. 'There are currently no pending requests to grant Mr. Elez access to other sensitive systems at HHS, nor has Mr. Elez been denied access to any systems at HHS.' The documents confirm that Musk's intent to rehire Elez as a staffer was affirmed. 'He will be brought back,' the tech giant wrote on X amid emerging reports of the 25 year old urging the public to 'Normalize Indian hate' in a deleted post. Vice President Vance, whose wife is Indian, also supported Elez's return. 'Here's my view: I obviously disagree with some of Elez's posts, but I don't think stupid social media activity should ruin a kid's life,' the vice president said on social platform X, referring to the staffer Marko Elez. 'We shouldn't reward journalists who try to destroy people. Ever. So I say bring him back.' 'If he's a bad dude or a terrible member of the team, fire him for that,' he added. When Elez resigned from DOGE in February, the Treasury Department issued a statement saying that Elez was given 'read-only' access to the highly sensitive payment systems, despite numerous reports indicating that he had the ability to rewrite the payment system base code. The White House did not immediately respond to The Hill's requests for comment on Elez's reinstatement at DOGE. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
The Hill
01-04-2025
- Politics
- The Hill
DOGE staffer who resigned over past social media posts reinstated with higher access: Filing
A Department of Government Efficiency (DOGE) staffer who resigned over racist posts that resurfaced on social media last month was reinstated to oversee the slashing of waste, fraud and abuse in March under the agency led by Elon Musk, according to court filings. Marko Elez, 25, allegedly relinquished access to sensitive systems being reviewed by DOGE in early February as divulged by the White House. However, he was listed as a staffer in a lawsuit that required the Trump administration to reveal the identity of the agency's hired workers. Legal documents categorize Elez as a Department of Labor employee detailed to the United States DOGE Service and Department of Health and Human Services (HHS) since March 5. Filings say he had access to the federal directory of new hires, general ledger accounting system and contract writing system at HHS. 'Mr. Elez was granted read-only access to the above-listed systems in furtherance of the DOGE EOs [executive order] directive to identify waste, fraud, and abuse and to modernize government technology and software to increase efficiency and productivity,' according to court documents. 'Mr. Elez's access to the above referenced CMS systems has been disabled. Mr. Elez has not modified, copied and shared with any unauthorized users, or removed any records from any of the systems he has actually accessed,' it reads. 'There are currently no pending requests to grant Mr. Elez access to other sensitive systems at HHS, nor has Mr. Elez been denied access to any systems at HHS.' The documents confirm that Musk's intent to rehire Elez as a staffer was affirmed. 'He will be brought back,' the tech giant wrote on X amid emerging reports of the 25 year old urging the public to 'Normalize Indian hate' in a deleted post. Vice President Vance, whose wife is Indian, also supported Elez's return. 'Here's my view: I obviously disagree with some of Elez's posts, but I don't think stupid social media activity should ruin a kid's life,' the vice president said on social platform X, referring to the staffer Marko Elez. 'We shouldn't reward journalists who try to destroy people. Ever. So I say bring him back.' 'If he's a bad dude or a terrible member of the team, fire him for that,' he added. When Elez resigned from DOGE in February, the Treasury Department issued a statement saying that Elez was given 'read-only' access to the highly sensitive payment systems, despite numerous reports indicating that he had the ability to rewrite the payment system base code. The White House did not immediately respond to The Hill's requests for comment on Elez's reinstatement at DOGE.
