DOGE staffer with access to Americans’ personal data leaked private xAI API key

A significant security incident has emerged involving a DOGE staff member who inadvertently leaked a private API key, which could potentially compromise the personal information of millions of Americans stored by the U.S. government. According to independent security journalist Brian Krebs, Marko Elez, a special government employee with recent roles at the U.S. Treasury, Social Security Administration, and Homeland Security, published sensitive code on his GitHub account that included this critical API key. This key provided access to various models created by xAI, including the well-known Grok chatbot. Philippe Caturegli, the founder of the consultancy firm Seralys, was quick to inform Elez about the breach earlier this week. Although Elez took prompt action to remove the key from his GitHub repository, it remained active, allowing continued access to the AI models. Caturegli raised serious concerns regarding the implications of this leak, stating, “If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors.” This incident highlights the urgent need for enhanced security measures in handling sensitive data and API management.