BeyondMachines
<p>DOGE Employee exposes AI API Keys in source code, giving access to advanced xAI models</p>
<p>A Department of Government Efficiency (DOGE) employee exposed a private xAI API key on GitHub, providing unauthorized access to over 52 large language models. This is very concerning given the employee's extensive access to sensitive systems across multiple government agencies in the USA. This marks the second such xAI key exposure by DOGE personnel in recent months, indicating a pattern of operational security failures that points to a broken security culture within the organization.</p>
<p>**Build a culture of not saving API keys, passwords, or any secrets directly into your code. Use environment variables or proper secret management tools instead. If leaking API keys becomes a practice, consider stronger discipline and awareness measures, paired with technical scanners to detect secrets in code.**<br>#cybersecurity #infosec #incident #dataleak<br><a href="https://beyondmachines.net/event_details/doge-employee-exposes-ai-api-keys-in-source-code-giving-access-to-advanced-xai-models-k-l-q-0-o/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/doge-employee-exposes-ai-api-keys-in-source-code-giving-access-to-advanced-xai-models-k-l-q-0-o/gD2P6Ple2L</a></p>
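The recommendation above (keep secrets out of code, read them from the environment, run a scanner), shown as an added example that is not part of the original post: a small scanner that flags quoted, high-entropy values assigned to credential-like names and ignores values read from the environment. The regex, the entropy threshold, and the sample key with its made-up `demo-` prefix are assumptions for illustration.

```python
import math
import re

# Credential-like variable names assigned a quoted literal of 8+ characters.
ASSIGNMENT = re.compile(
    r"""(?ix)
    \b([a-z0-9_]*(?:api_?key|secret|token|passw(?:or)?d)[a-z0-9_]*)
    \s*[:=]\s*
    (["'])([^"']{8,})\2
    """
)
# Literals that are clearly placeholders rather than live credentials.
PLACEHOLDER = re.compile(r"(?i)^(changeme|example|placeholder|your[-_ ].*|x+|<.*>|\$\{.*\})$")


def shannon_entropy(value: str) -> float:
    """Bits per character; random keys score high, words and repeats score low."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan(text: str, min_entropy: float = 3.5):
    """Return (line number, variable name, redacted preview) for each suspect literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ASSIGNMENT.finditer(line):
            name, value = match.group(1), match.group(3)
            if PLACEHOLDER.match(value):
                continue
            if shannon_entropy(value) >= min_entropy:
                # Keep only a short prefix so the report itself does not leak the secret.
                findings.append((lineno, name, value[:4] + "..."))
    return findings


# Constructed sample: not a real key, and the "demo-" prefix is made up.
SAMPLE = '''\
import os
API_KEY = "demo-9fQ2xL7vKp0Zr4TtB8mWc1Ny6HsEuA3d"
client_token = os.environ["CLIENT_TOKEN"]
password = "changeme"
'''

if __name__ == "__main__":
    for lineno, name, preview in scan(SAMPLE):
        print(f"line {lineno}: hardcoded value for {name} ({preview})")
```

Run as a pre-commit step, a non-empty result from `scan` would block the commit; a key that has already been pushed still has to be revoked and rotated.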