May 2, 2011 - Tech media outlet KrebsOnSecurity published a blog post yesterday (May 1) reporting that an employee of Elon Musk's artificial intelligence company xAI inadvertently leaked an API key on GitHub, a lapse that lasted nearly two months.

Philippe Caturegli, the "Chief Hacking Officer" of French security consulting firm Seralys, first exposed the issue on LinkedIn. Security firm GitGuardian then stepped in, and a system scan revealed that the key had access to a number of xAI's large language models (LLMs), including unreleased versions of the Grok chatbot (e.g. grok-2.5V) and custom models related to data from companies such as SpaceX and Tesla.
1AI cites a blog post that describes how GitGuardian notified the xAI employee involved via an automated alert as early as March 2, but the issue wasn't resolved until April 30, after GitGuardian contacted the xAI security team directly.
The key gives access not only to public Grok models but also to private models under development, such as "tweet-rejector" and "grok-spacex-2024-11-04".
Carole Winqwist, head of GitGuardian's research team, warns that attackers who gain such access could manipulate models through prompt injection or even plant malicious code, threatening the security of the entire supply chain.