Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk’s artificial intelligence company xAI.

Image: Shutterstock, @sdx15.
On July 13, Mr. Elez committed a script called “agent.py” to GitHub that included a private application programming interface (API) key for xAI. The inclusion of the private key was first flagged by GitGuardian, a company that specializes in detecting and remediating exposed secrets in public and proprietary environments. GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users.
Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, said the exposed API key allowed access to at least 52 different LLMs used by xAI. The most recent LLM in the list was called “grok-4-0709” and was created on July 9, 2025.
Grok, the generative AI chatbot developed by xAI and integrated into Twitter/X, relies on these and other LLMs (a query to Grok before publication shows Grok currently uses Grok-3, which was launched in February 2025). Earlier today, xAI announced that the Department of Defense will begin using Grok as part of a contract worth up to $200 million. The contract award came less than a week after Grok began spewing antisemitic rants and invoking Adolf Hitler.
Mr. Elez did not respond to a request for comment. The code repository containing the private xAI key was removed shortly after Caturegli notified Elez via email. However, Caturegli said the exposed API key still works and has not yet been revoked. Deleting the repository does not undo the exposure: the key stays valid until xAI revokes it, and anyone who cloned, forked or scanned the commit while it was public still has a copy.
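The detection GitGuardian performs, reduced to its simplest form, is a pattern match over committed text plus a sanity check that the match is a real key and not a placeholder. The scanner below is an added example written for this page; it is not code from the article, from GitGuardian or from xAI. It assumes xAI keys carry an “xai-” prefix (an assumption, not something the article states), and the sample agent.py contents, the key value inside it and the API endpoint it calls are all constructed for the demo.

```python
"""Minimal secret scanner of the kind GitGuardian runs over public repositories,
trimmed to a pre-commit check.  Added example, not code from the article,
GitGuardian or xAI.  Assumptions (not stated on the page): xAI keys are taken to
start with 'xai-'; the sample file, the key value and the API endpoint below are
constructed for the demo."""
import math
import re
import sys
from collections import Counter

# Detector table: name -> pattern.  Only the match's last group is treated as
# the secret, so prefix-style keys use no group and name=value style uses one.
PATTERNS = {
    "xai_api_key": re.compile(r"\bxai-[A-Za-z0-9]{32,}\b"),   # prefix assumed
    "generic_assigned_secret": re.compile(
        r"(?i)(?:api[_-]?key|token|secret)\s*[:=]\s*['\"]([A-Za-z0-9_\-]{24,})['\"]"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character.  Real keys sit around 4-5; placeholders near 0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    """Keep enough to identify which key leaked without re-leaking it."""
    return f"{secret[:6]}...{secret[-4:]}" if len(secret) > 12 else "***"


def scan_text(text: str, min_entropy: float = 3.0) -> list[dict]:
    """Return one finding per (line, secret).  The entropy cut drops obvious
    placeholders such as 'xai-xxxxxxxx...'; it does not prove the key is live."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                secret = m.group(m.lastindex or 0)
                if shannon_entropy(secret) < min_entropy or (lineno, secret) in seen:
                    continue
                seen.add((lineno, secret))
                findings.append({"line": lineno, "detector": name, "secret": redact(secret)})
    return findings


def scan_files(paths: list[str]) -> dict[str, list[dict]]:
    """Scan each file; only files with findings appear in the result."""
    hits = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            found = scan_text(fh.read())
        if found:
            hits[path] = found
    return hits


# Constructed stand-in for the kind of commit the article describes: the key is
# assigned inline instead of being read from the environment or a secret store.
SAMPLE_AGENT_PY = '''\
import os, requests

XAI_API_KEY = "xai-9fK2mQ7pL4vX1nB8cR5tW3yZ6hJ0dS2aE4gU7iO9kM1"   # constructed value
PLACEHOLDER = "xai-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"          # docs-style dummy
SAFE_KEY = os.environ["XAI_API_KEY"]                               # what it should be

def ask(prompt):
    return requests.post("https://api.x.ai/v1/chat/completions",  # endpoint assumed
                         headers={"Authorization": f"Bearer {XAI_API_KEY}"},
                         json={"model": "grok-4-0709",
                               "messages": [{"role": "user", "content": prompt}]})
'''

if __name__ == "__main__":
    # Hook usage:  python3 scan_secrets.py $(git diff --cached --name-only)
    targets = sys.argv[1:]
    results = scan_files(targets) if targets else {"<sample agent.py>": scan_text(SAMPLE_AGENT_PY)}
    for path, found in results.items():
        for f in found:
            print(f"{path}:{f['line']}: {f['detector']} {f['secret']}")
    sys.exit(1 if any(results.values()) else 0)
```

Run without arguments it scans the embedded sample and reports the inline key on line 3 while ignoring the all-x placeholder; wired into `.git/hooks/pre-commit` with the staged file list it blocks the commit before the key ever reaches a remote. A scanner only finds what it has a pattern for, which is why GitGuardian maintains hundreds of detectors; and a hit from a scanner is still not a revocation, which is why the key in the article kept working after the repository was deleted.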
“If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors,” Caturegli told KrebsOnSecurity.
Prior to joining DOGE, Marko Elez worked for a number of Musk’s companies. His DOGE career began at the Department of the Treasury, and a legal battle over DOGE’s access to Treasury databases showed Elez was sending unencrypted personal information in violation of the agency’s policies.
While still at Treasury, Elez resigned after The Wall Street Journal linked him to social media posts that advocated racism and eugenics. When Vice President J.D. Vance lobbied for Elez to be rehired, President Trump agreed and Musk reinstated him.
Since his re-hiring as a DOGE employee, Elez has been granted access to databases at one federal agency after another. TechCrunch reported in February 2025 that he was working at the Social Security Administration. In March, Business Insider found Elez was part of a DOGE detachment assigned to the Department of Labor.

Marko Elez, in a photo from a social media profile.
In April, The New York Times reported that Elez held positions at the U.S. Customs and Border Protection and the Immigration and Customs Enforcement (ICE) bureaus, as well as the Department of Homeland Security. The Washington Post later reported that Elez, while serving as a DOGE advisor at the Department of Justice, had gained access to the Executive Office for Immigration Review’s Courts and Appeals System (EACS).
Elez is not the first DOGE worker to publish internal API keys for xAI: In May, KrebsOnSecurity detailed how another DOGE employee leaked a private xAI key on GitHub for two months, exposing LLMs that were custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X.
Caturegli said it’s difficult to trust someone with access to confidential government systems when they can’t even manage the basics of operational security.
“One leak is a mistake,” he said. “But when the same type of sensitive key gets exposed again and again, it’s not just bad luck, it’s a sign of deeper negligence and a broken security culture.”
61 thoughts on “DOGE Denizen Marko Elez Leaked API Key for xAI”
William Cochran Musk and Trump hire only the best. I doubt there will be any repercussions for his sloppy and dangerous disregard for security.
Ange Geez…appalling. Will we hear about any exfiltration of data from govt databases, or is everyone on the wrecking team now?
Just one question; how do you “revoke” an API key? Replace maybe? (Revocation is possible for X.509 public keys)
Dave M Hopefully the application has a way to deny the key. I’m not a developer, but you could have a deny list and refuse any connections from keys in the deny list. Also terminate any active sessions using that key.
Guillaume Seguin @Dave M Yes, that’s how you do it. There is a list of active keys, you remove the compromised key from the list. If it’s not done quickly, then it’s probably because it is “hard to change” (hardcoded in several places) or the key owner does not care. Worse, they might think that it is safe again now that it was “removed”.
little peanut Remembering how, in the olden days of ‘such terrible security’, i.e. the 1990s through some time in the late 2000’s, many firewall rules actually required an IP to match a key to be able to connect to an application. I guess they don’t do that anymore, since everything is so webbed up now. LMAiO.
Wayne There’s already been evidence of data being exfiltrated to Russia. Started very early on, I believe it was from Treasury. It was detected and shut down.
AJ North Perhaps some enterprising hacker with a progressive streak will obtain and leak the personal financials of the current regime, starting with the Tangerine Caligula (and its entire family), Hillbilly Vance and the whole cabinet — straight through to the five Republican appointees of the Supreme “Court” (five by presidents who lost the popular vote).
JA South Does it make you feel better about yourself to call other people names?
JA South's conscience Cry harder, magat.
AJ North “Does it make you feel better about yourself to call other people names?”
Oh, do you mean like the convicted felon – and adjudicated rapist – does virtually every single day (using vulgar, disgusting and obscene language in barely coherent sentences with syntax that would embarrass a grammar school child)?
JA South Does it make you feel better about yourself when you call other people names?
Billy Joe It’s pretty bad when your pet beagle is smarter than the smartest people in government.
SilverMarc Young, dumb, and full of scum.
CJ DOGGY DUMB.
mealy bleepingcomputer.com/news/security/russian-pro-basketball-player-arrested-for-alleged-role-in-ransomware-attacks/
Marko can’t even dunk.
Concerned Reader “So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key”
I used to read your articles due to the non-biased nature. Now I feel like I’m reading an article from Foxnews or CNN.
Sad….
Disputoincognito Ah yes, the sacred neutrality test: if something mildly inconveniences my worldview, it must be propaganda. Look, if your political compass is so wobbly that a cybersecurity report makes you cry “partisan hit piece,” maybe it’s not the article…
Brian literally reported a dude leaking a private key, and you interpreted it as a political betrayal. That’s not bias, that’s you projecting your own tribal lens onto reality like it’s a Rorschach test. But sure, let’s cancel Krebs for… reporting the news. Classic.
bob Wondering what your reaction would be to a report of repeated colossal comsec blunders by a regular civil service employee?
TC Where’s the bias in that statement?
Mizunderstood I agree w/you 100% some simply can’t help themselves
mealy I’m concerned about your reading skills too.
Bro Say what you want, but Krebs has been relentlessly consistent for years… Calling out cyber threats whichever side they come from.
Joe Blow What is the bias in that statement? A bias against blatant incompetence among those with access to enormous troves of sensitive information? Yeah, I guess a lot of us are biased. We should really examine our prejudices more carefully…
Marty Barron I think we are looking at a process issue. It’s true the security aspect is involved, but the root of the problem is the process they use to post code on GitHub; they need to refine the process to avoid this kind of mistake.
Ham Brian, you used to be non-partisan and non-political, but now we’re seeing your true colors emerge. It’s fine to publish the screw ups of these so-called experts, but when you throw in the stupid political jabs, it ruins the article. Too bad; your articles used to be worth reading.
BrianKrebs Post author Not sure how you came away with the conclusion that this is somehow a story about right/left politics. Nevertheless, I release you from your subscription. Be well.
DWalton I don’t see the “political jabs” in your report, as was mentioned by a previous comment.
I do see a report on sloppy incompetence, or worse, criminal behavior with critical consequences for all of us.
It is important to report on it regardless of who may be offended or who the sloppy criminals are connected to. Keep up the investigation and reporting, Brian.
Sh3 They want you to be a “news reporter” that publishes “just the facts”, once you give your opinion as an expert it suddenly crosses the line, as though they couldn’t draw the conclusion themselves, which is apparently the case. Keep up the good work.
Disputoincognito Oh no! Brian used sarcasm. Sound the alarm! Apparently pointing out that government officials leaking an API key might not instill public confidence is now a full-blown political manifesto. Incredible.
But thank you for your bravery in calling out this injustice. Truly, the real victim here is your feelings. Not the compromised API key, not the laughable opsec no, it’s you, because Brian dared to say something that vaguely pricked your partisan bubble. Stay strong, soldier.
LEGEND_API Really, Ham!! It’s amazing to see your lack of reading and understanding. You are the problem with this country, when people like you try to politicize everything. Facts are facts, get used to it, dude.
rowan hoeren Oh, no, did your feelings get hurt, snowflake?
The true colors of being appalled by the lack of professionalism of the current administration?
That’s the color of anyone with a functioning brain.
mealy “Waaaah, he pointed out incompetence and fraud in the Trump administration, waaaaah.”
Grow up baby.
LadsOnToure What is the political jab in the piece?
DK Just curious Ham, when did careless idiots become a political party, and better yet one free from criticism of their misdeeds?
Ddog Brian, thank you for the reporting. It’s sad that reporting inconvenient facts about API key leaks and lapses in security at the highest levels is seen as political.
Keep up the good work.
Mat I would like to think this person would be removed the moment this was found out. This is not only extremely dangerous but seems like a malicious actor. To anyone in the tech field this looks and feels like a malicious inside actor. This person needs to be removed and investigated.
Matt This person seems like they are a malicious actor. Something we in the tech field worry about. He should be removed and investigated. You don’t accidentally do this sort of thing. This is a deliberate act and it would be grounds for investigations.
Brad Ackerman If he wanted to grant access to 3PLA, he could just grant their users access to the model or email them the API keys. This behavior is totally consistent with the incompetent chūni clowns in Elon’s entourage.
mealy “grounds for investigations”
Oh, Pam Bondi and Kash Patel will put down their Nintendo Switch and get right on that, I’m sure.
Charles In one of Brian’s earlier reports his source noted within minutes of DOGE folks being given administrator access there was at least one login from an IP geolocated to Moscow (if memory serves me correctly). It passes the “reasonable person on the street test” that government systems have been breached, data exfiltrated, and stealthware installed, courtesy the carelessness of DOGE staffers. They do not seem to be the sharpest knives in the drawer and, ironically, I wonder how many of them will omit “Worked for DOGE” from their LinkedIn bios?
ReadandShare So the kid is some combination of careless/incompetent but the one quality demanded by this administration, he likely has in spades: loyalty/obedience! He has a fine career ahead of him – or at least the next 3.5 years.
Charles Wasn’t this guy fired for saying pretty racist stuff online?
VoiceOfReason “Any sufficiently advanced incompetence is indistinguishable from malice.” At some point this carelessness around cybersecurity goes beyond oversight and inexperience. It has to be winked at and excused by people who should know better. Homie should have stayed fired, because he obviously has no business handling classified/sensitive information. Were he working for any private enterprise, he would have been handed his hat long ago, but this ‘organization’ (I use that term ironically) seems to be happy to let him continue. As a taxpayer, I’m offended. As an IT professional, I’m appalled.
BvR Trump said he never hires anybody smarter than himself.
Very, very few qualify.
RandomProgrammer This has gotta be some kind of criminal negligence.
Storytime: I did a summer internship at a DoD contractor doing software engineering. On Day 1, I was told in no uncertain terms that as an engineer of record, I could be held liable or prosecuted for computer crimes, should I fail to meet certain basic security requirements for certain computer systems.
Fortunately, they made it real simple – You classify information, and then you protect it using appropriate controls for the classification level.
1. Classification:https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf
2. Controls: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.200.pdf
These are not “best practices” or “nice-to-haves”. These are the Minimum Requirements. This is the “For Dummies” guide. This was the stuff they bothered to tell the piddly little summer intern who was only gonna be there for a couple months, and probably wasn’t gonna work on anything consequential anyways.
To wit – one of the Minimum Security Requirements listed is the requirement to train personnel on this stuff before anybody gets access in the first place. (See FIPS-200 Section 3, Requirements AC and AT).
Meanwhile… hardcoding an API key, committing & pushing to a publicly-accessible remote, and then failing to revoke & rotate when notified?! How about we start with FIPS-200 Section 3, Requirements AC, CM, IA, IR, PS, SA, SI before moving onto any specific rules or regulations that might further protect SSA/Treasury/Justice dept computers *in particular*! (Yikes!!!)
Quid Looks like the wrong DOGE (ex)team member got the beat down in DC.