xAI Dev Accidentally Leaks Private Key Granting Access to SpaceX, Tesla, and X LLMs

A security lapse at Elon Musk’s artificial intelligence venture, xAI, has exposed proprietary large language models (LLMs) tailored for internal use by SpaceX, Tesla, and Twitter/X.

For nearly two months, a private API key was publicly accessible on GitHub, potentially allowing unauthorized access to sensitive AI models and internal datasets.

Incident Overview and Timeline

The breach originated from a technical staff member at xAI who inadvertently committed a .env file containing an API key to a public GitHub repository.

This key, meant for internal use, granted access to at least 60 private and fine-tuned LLMs, including unreleased versions of xAI’s Grok chatbot and models specifically trained on proprietary SpaceX and Tesla data.

• March 2, 2025: GitGuardian, a company specializing in secret detection, alerted the xAI developer about the exposed API key.
• April 26, 2025: Philippe Caturegli, Chief Hacking Officer at Seralys, publicly disclosed the leak on LinkedIn, escalating the issue.
• April 30, 2025: After no remediation, GitGuardian directly notified xAI’s security team; the key remained active.
• May 1, 2025: The compromised GitHub repository was finally removed after external pressure.

Technical Details and Potential Exploits

The leaked API key provided programmatic access to the xAI API, allowing anyone with the key to impersonate the legitimate user and interact with both public and private LLMs.

Notably, the credentials enabled queries to unreleased models such as grok-2.5V, development builds like research-grok-2p5v-1018, and specialized internal models (tweet-rejector, grok-spacex-2024-11-04).

Security Risks

• Prompt Injection: Attackers could exploit the backend interface to perform prompt injection attacks, manipulating model outputs or extracting confidential information.
• Supply Chain Attacks: Direct access to backend APIs raises the risk of attackers implanting malicious code or altering model behavior, potentially compromising downstream applications.
• Data Exfiltration: With access to models fine-tuned on proprietary data, attackers could attempt to extract sensitive operational or developmental information from SpaceX, Tesla, or Twitter/X datasets.

Response and Industry Implications

Despite early warnings, xAI failed to revoke the exposed key for almost two months, highlighting weaknesses in key management and incident response.

The company eventually removed the repository after public disclosure, but did not issue a public statement.

Security experts emphasize the need for:

• Automated secret scanning across all code repositories
• Rapid incident response and key rotation policies
• Restricting API key permissions and monitoring usage logs
• Regular security awareness training for developers

Broader Context

The leak comes amid broader concerns about the security of AI systems handling sensitive data.

Musk’s Department of Government Efficiency (DOGE) has reportedly been feeding government records into AI tools, raising further questions about operational security and data privacy.

While there is no evidence that the leaked key was exploited for malicious purposes, the incident underscores the persistent risks of secret exposure in high-stakes AI environments.

It also highlights the potential for prompt injection and targeted disinformation attacks, especially when LLMs are fine-tuned on sensitive or proprietary data.

The xAI API key leak serves as a cautionary tale for the AI industry, demonstrating how a single oversight in secret management can jeopardize proprietary technology and sensitive data.

As LLMs become integral to critical infrastructure and business operations, robust security practices and vigilant monitoring are essential to safeguard intellectual property and maintain trust.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates