- A security researcher has discovered a leaked xAI API key
- According to reports, the leak came from DOGE staffer Marko Elez
- This is not the first security problem originating in DOGE
A staff member with access to the personal data of millions of Americans has apparently leaked an API key for at least four dozen large language models (LLMs) developed by the artificial intelligence company xAI, including Grok, the chatbot of X (formerly Twitter) itself.
Security expert Brian Krebs revealed that Marko Elez, an employee of Elon Musk's Department of Government Efficiency (DOGE), had access to sensitive databases at the Social Security Administration and the Departments of Justice and the Treasury of the United States as part of DOGE's work to 'rationalize' those departments and increase efficiency.
Ironically, researchers recently discovered that a DOGE worker's credentials had been exposed by info-stealing malware, so DOGE's security record so far is less than impressive.
Grok exposed
Elez committed a code script called 'Agent.py' to GitHub that included a private application programming interface (API) key for xAI. This was first flagged by GitGuardian, a firm that scans GitHub for secret API tokens, database credentials and certificates and alerts the affected users.
The exposed API key allowed access to at least 52 different LLMs used by xAI, the most recent being an LLM called 'Grok 4-0709', created on July 9, 2025, according to Philippe Caturegli, chief hacking officer at the security consultancy Seralys.
Caturegli warned KrebsOnSecurity: “If a developer can't keep an API key private, it raises questions about how they're handling far more sensitive government information.”
The code repository containing the private API key was removed after Elez was notified of the leak by email; however, the key still works and has not yet been revoked, so the problem is far from solved.
This is not the first time xAI's internal API keys have leaked: keys for LLMs built for other Musk organizations, such as SpaceX, Tesla and Twitter/X, were exposed earlier in 2025, Krebs confirmed.
“A leak is a mistake,” said Caturegli, “but when the same type of sensitive key is exposed again and again, it is not just bad luck, it is a sign of deeper negligence and a broken security culture.”