A DOGE staffer just leaked access to xAI’s AI brain

Just months after returning to government service following a controversial resignation, Department of Government Efficiency (DOGE) staffer Marko Elez is back in the spotlight — this time for exposing a sensitive API key tied to Elon Musk’s artificial intelligence company, xAI.

On Sunday, Elez published a GitHub repository containing “agent.py,” a script that inadvertently included a private key granting access to at least 52 of xAI’s large language models (LLMs). Spotted by Krebs on Security, the exposed models, which include the newly created “grok-4-0709,” form the backbone of Grok, the AI chatbot integrated into Musk’s X platform. The key was flagged by GitGuardian, a company that monitors public repositories for credential leaks.

Despite the repository being taken down quickly, the API key remains active, according to security consultant Philippe Caturegli, who first alerted Elez to the exposure. That means anyone who accessed the repository while it was live could still use the key to interface with xAI’s models directly — raising significant concerns about both corporate and government data security.

This is the second such leak involving a DOGE employee in recent months. Back in May, another member of DOGE reportedly exposed a private xAI key that offered access to LLMs trained on internal data from Tesla, SpaceX, and X. These repeated lapses point to deeper issues in operational security and highlight the blurry lines between Musk’s companies and the government agencies now increasingly relying on his infrastructure.

Elez, a 25-year-old with a history of questionable conduct, previously resigned from DOGE after being linked to racist and eugenicist social media posts. Yet he returned to the agency within weeks, aided by lobbying from Vice President J.D. Vance.

Since his retrun, Elez has cycled through roles across multiple high-level agencies, including the Social Security Administration, Department of Labor, Department of Homeland Security, and the Department of Justice. He has held access to sensitive databases involving immigration systems, financial records, and national security operations.

The latest leak comes at a particularly precarious time: Just days ago, the Department of Defense awarded a contract worth up to $200 million for Grok, despite the chatbot recently generating antisemitic responses and referencing Adolf Hitler. With trust in AI already fraying, the exposure of private keys that unlock critical infrastructure raises the stakes for both corporate accountability and federal oversight.

Elez’s ability to move freely between government departments — and now be tied to repeated security lapses involving Musk’s AI tools — underscores the growing entanglement between Silicon Valley and Washington. As DOGE’s role expands and xAI’s tools increasingly underpin federal systems, questions about vetting, cybersecurity hygiene, and conflict of interest are likely to grow louder.

So far, xAI has not revoked the exposed key, and neither DOGE nor Elez has issued a public response. But the larger issue may not be this one leak — it’s the system that allowed it to happen again.