# DOGE Employee Leaks Private xAI API Key from Sensitive Database
A shocking revelation has come to light in the world of cybersecurity, as a staffer with access to the personal data of millions of Americans has apparently leaked the API key for at least four dozen large language models (LLMs) developed by artificial intelligence company xAI. The leaked key was exposed through a code script committed to GitHub, which included a private application programming interface (API) key for xAI by Marko Elez, an employee at Elon Musk's Department of Government Efficiency.
Elez had access to sensitive databases at the US Social Security Administration, Justice, and Treasury departments as part of DOGE's work in 'streamlining' these departments to increase efficiency. This arrangement has raised serious concerns about the security record of DOGE, given that researchers recently uncovered that a DOGE worker's credentials were exposed by infostealing malware.
The leaked API key allowed access to at least 52 different LLMs used by xAI, with the most recent being an LLM called ‘grok 4-0709’, created on July 9, 2025. This information was revealed by Chief Hacking Officer at security consultancy Seralys, Philippe Caturegli, who warned that if a developer cannot keep an API key private, it raises questions about how they're handling far more sensitive government information behind closed doors.
The code repository containing the private API key has since been removed after Elez was notified by email of the leak. However, the key still works and has not yet been revoked, leaving the issue far from resolved. This is not the first time internal xAI APIs have been leaked, with LLMs made for Musk's other organizations, like SpaceX, Tesla, and Twitter/X exposed earlier in 2025.
As Caturegli noted, "One leak is a mistake," but when the same type of sensitive key gets exposed again and again, it's not just bad luck – it's a sign of deeper negligence and a broken security culture. This incident highlights the importance of robust cybersecurity measures and secure handling of sensitive information in both government and private sectors.
# Save Up to 68% on Identity Theft Protection
TechRadar readers can now enjoy Aura's upfront pricing and simplicity, which includes a password manager, VPN, and antivirus. As a preferred partner, TechRadar editors praise Aura for making its security solution an even more compelling deal.
# Stay Informed with TechRadar Pro
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features, and guidance your business needs to succeed!