An errant GitHub commit by a DOGE staffer included an API key that granted access to over four dozen AI models under development by Elon Musk’s xAI, according to security firm GitGuardian. The update took place on July 13 and the key was reportedly removed shortly after the staffer was notified by email, but security researchers report that as of the following day it had not been revoked and was still functioning.
The update came from Marko Elez, one of the more controversial DOGE figures who has previously made news for being removed from the project and then reinstated after political intervention. Elez is a longtime employee of Musk’s companies and has recently been linked to DOGE cost-cutting projects at the Social Security Administration and the Department of Labor.
Second known instance of an X API key being leaked via GitHub
The API key allows interaction with at least 52 large language AI models (LLMs) that are in development at Musk’s xAI, many of these in turn used by the “Grok” AI available through the X social media platform. The errant GitHub commit consisted of a code script called “agent.py” that was flagged by GitGuardian, which continually scans the site for exposed credentials and notifies owners when they are found.
This is not the first controversy that Elez has been involved in. A March lawsuit over DOGE’s cuts to the US Treasury revealed that he had emailed unencrypted spreadsheets containing personal information to two other DOGE staffers while he was tasked with examining the agency’s payments system. This came just weeks after he had resigned from the project due to the public exposure of an old social media account in which he referred to himself as a racist, called for a repeal of the Civil Rights Act and insisted that H1B immigrant tech workers would soon be replaced by “slightly smarter LLMs” among other questionable posts. He was brought back on board in February after Vice President JD Vance called for giving him a second chance and Elon Musk ran an X poll on his rehiring that resulted in 78% approval from participating users.
This is also not the first time a DOGE staffer has leaked an xAI API key. In late April, the security firm Seralys discovered another key stashed away in a GitHub repository that granted access to some 60 Grok AI models, including private versions in development and some that appeared to be trained on Tesla and SpaceX internal data. That API key appears to have been available for some two months prior to discovery by the security researchers, raising serious questions about who else might have come across it during that time.
AI models may have connections to defense department
The news comes just as Musk’s “frontier” AI models have been made available to all federal agencies via the General Services Administration’s schedule, under a $200 million ceiling contract. Musk announced that existing tools such as Grok 4, Deep Search, and Tool Use as well as “unique capabilities” (such as custom applications for national security and health care) will be made available to government clients.
It also comes as Grok has recently displayed some concerning behavior, not the least of which was declaring itself “MechaHitler” and joking about sexually assaulting a progressive activist who commonly gets into flame wars on X. Just prior to the release of the new Grok 4, the prior Grok 3 model that interacts with users on X seems to have slipped safety guardrails somehow and began crashing out after users confronted it with offensive anti-white posts about the Texas flood deaths that appeared to originate from a fake troll account posing as a Jewish woman. Musk said in a post that the incident was caused by Grok being set to be “too compliant” and too eager to please users, and that it had been adjusted. X CEO Linda Yaccarino resigned shortly after this incident, though it is not clear if this had any connection to the Grok outbursts or other issues related to AI models.
The API key leaks and the new contract also come amidst a general falling-out between President Trump and Musk, who appeared to be thick as thieves during the early going of the administration before Musk abruptly began criticizing Trump’s direction in spending with his “Big Beautiful Bill.” This prompted Trump to accuse Musk of being mad that EV credit programs that benefit Tesla were ending, and Musk to accuse Trump of complicity in a cover-up of the Epstein records (in a since-deleted post) and to form his own political party that he says will focus on capturing select Congressional seats that could wield disproportionate influence in close votes.
Gabrielle Hempel, Security Operations Strategist and Threat Intelligence Researcher for the Exabeam TEN18 Team, notes that there are implications to this development: “This is what happens when national security intersects with unchecked tech ego and zero operational discipline. You’ve got someone with access to sensitive government systems casually leaking API keys for LLMs that are now embedded in defense infrastructure. That’s not a DevSecOps hiccup-it’s a complete breakdown of access control, personnel vetting, and governance. The bigger concern is that it keeps happening. Why hasn’t the key been revoked? Why is someone with a documented history of violating security policy still being handed the keys to federal systems? And who’s actually overseeing how commercial AI is being integrated into our sensitive environments? If we’re going to integrate third-party LLMs into national security workflows, the bare minimum is independent, continuous security auditing and monitoring. Otherwise, we are heading straight toward a massive breach at scale.”
Randolph Barr, CISO at Cequence, adds: “This is a textbook example of something we talk about often: even highly trusted, technically trained individuals can make mistakes that lead to serious exposure. What’s worth stressing here is that this kind of issue is completely detectable with the right combination of tools and processes. Tools like GitGuardian, TruffleHog, and Gitleaks can automatically scan repositories for secrets. Secrets managers like Vault or AWS Secrets Manager help prevent this issue in the first place by keeping credentials out of code entirely. However, detection only works if you have the right tools in place, they’re properly configured, and there’s a clear and responsive process to handle alerts when something goes wrong. In this case, either the detection tooling wasn’t there, or alerts didn’t get escalated-or worse, were ignored. It’s a good reminder that tech alone isn’t enough. Without a strong feedback loop between detection and response, these kinds of exposures slip through. Something else that’s important to note is this wasn’t just about AI infrastructure. The staffer reportedly had access to government databases at SSA, Treasury, DOJ, and DHS-so the potential implications go well beyond just xAI.”

