Marko Elez, a 25-year-old worker at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a profound sense of reassurance to learn that Mr. Elez inadvertently revealed a private key over the weekend that permitted anyone to interact directly with over four dozen large language models (LLMs) developed by Musk’s artificial intelligence firm xAI.

On July 13, Mr. Elez uploaded a code script named “agent.py” to GitHub that contained a private application programming interface (API) key for xAI. The exposure of the private key was first flagged by GitGuardian, a firm specializing in detecting and remediating exposed secrets in public and proprietary settings. GitGuardian’s technology continuously scans GitHub and other code repositories for exposed API keys and sends automated notifications to affected users.
Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, stated that the compromised API key enabled access to at least 52 distinct LLMs utilized by xAI. The latest LLM in this collection was called “grok-4-0709” and was developed on July 9, 2025.
Grok, the generative AI chatbot created by xAI and integrated into Twitter/X, depends on these and other LLMs (an inquiry to Grok prior to publication indicates Grok is currently utilizing Grok-3, which was introduced in February 2025). Earlier today, xAI declared that the Department of Defense will start using Grok as part of a contract valued at up to $200 million. This contract was awarded less than a week after Grok began making antisemitic remarks and referencing Adolf Hitler.
Mr. Elez did not reply to a request for comment. The code repository containing the private xAI key was taken down shortly after Caturegli alerted Elez via email. Nevertheless, Caturegli noted that the exposed API key remains functional and has yet to be revoked.
“If a developer is unable to keep an API key confidential, it raises concerns about how they manage considerably more sensitive governmental information behind closed doors,” Caturegli told KrebsOnSecurity.
Before joining DOGE, Marko Elez was employed by several of Musk’s ventures. His tenure at DOGE commenced at the Department of the Treasury, and a legal dispute regarding DOGE’s access to Treasury databases revealed that Elez was transmitting unencrypted personal data in breach of the agency’s regulations.
While still at Treasury, Elez resigned after The Wall Street Journal connected him to social media posts that endorsed racism and eugenics. When Vice President J.D. Vance advocated for Elez to be reinstated, President Trump consented and Musk restored his position.
Since his rehiring as a DOGE employee, Elez has been authorized to access databases at various federal agencies. TechCrunch reported in February 2025 that he was employed at the Social Security Administration. In March, Business Insider discovered that Elez was part of a DOGE division assigned to the Department of Labor.

Marko Elez, in an image from a social media profile.
In April, The New York Times reported that Elez occupied roles at the U.S. Customs and Border Protection and the Immigration and Customs Enforcement (ICE) agencies, as well as the Department of Homeland Security. The Washington Post subsequently reported that Elez, while acting as a DOGE advisor at the Department of Justice, had gained entry to the Executive Office for Immigration Review’s Courts and Appeals System (EACS).
Elez is not the first DOGE staff member to disclose internal API keys for xAI: In May, KrebsOnSecurity elaborated on how another DOGE employee leaked a private xAI key on GitHub for two months, compromising LLMs that were tailor-made for interacting with internal data from Musk’s enterprises, including SpaceX, Tesla, and Twitter/X.
Caturegli asserted that it’s challenging to trust someone with access to classified governmental systems when they cannot even handle basic operational security.
“One leak is an error,” he remarked. “But when the same type of sensitive key is exposed repeatedly, it’s not merely a stroke of bad luck; it signifies deeper carelessness and a flawed security culture.”