{"id":34565,"date":"2025-05-02T14:04:15","date_gmt":"2025-05-02T06:04:15","guid":{"rendered":"https:\/\/www.1ai.net\/?p=34565"},"modified":"2025-05-02T14:04:15","modified_gmt":"2025-05-02T06:04:15","slug":"xai-%e5%91%98%e5%b7%a5%e5%a4%b1%e8%af%af%e6%b3%84%e9%9c%b2-api-%e5%af%86%e9%92%a5%e8%bf%91-2-%e4%b8%aa%e6%9c%88%ef%bc%8c%e5%86%85%e9%83%a8-ai%e6%a8%a1%e5%9e%8b%e6%95%b0%e6%8d%ae%e5%ae%89%e5%85%a8","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/34565.html","title":{"rendered":"xAI Employee Mistake Leaks API Keys for Nearly 2 Months, Red Light on Data Security for Internal AI Models"},"content":{"rendered":"<p>May 2, 2011 - Tech media outlet KrebsOnSecurity published a blog post yesterday (May 1) reporting that an employee of Elon Musk's artificial intelligence company <a href=\"https:\/\/www.1ai.net\/en\/tag\/xai\" title=\"[View articles tagged with [xAI]]\" target=\"_blank\" >xAI<\/a> <strong>inadvertently leaked an <a href=\"https:\/\/www.1ai.net\/en\/tag\/api\" title=\"_OTHER ORGANISER\" target=\"_blank\" >API<\/a> <a href=\"https:\/\/www.1ai.net\/en\/tag\/%e5%af%86%e9%92%a5\" title=\"[See articles with [key] labels]\" target=\"_blank\" >key<\/a> on GitHub, a lapse that lasted nearly two months.<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-34566\" title=\"b6a27f69j00svme5n000nd000hg00d3p\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2025\/05\/b6a27f69j00svme5n000nd000hg00d3p.jpg\" alt=\"b6a27f69j00svme5n000nd000hg00d3p\" width=\"628\" height=\"471\" \/><\/p>\n<p>Philippe Caturegli, the \"Chief Hacking Officer\" from French security consulting firm Seralys, first exposed the issue on LinkedIn, and security firm GitGuardian then stepped in, with a system scan revealing that the key had access to a number of xAI's Large Language Models (LLMs), including unreleased versions of Grok chatbots (e.g.
grok-2.5V) and custom models related to data from companies such as SpaceX and Tesla.<\/p>\n<p>1AI cites a blog post that describes how GitGuardian notified the xAI employee involved via an automated alert as early as March 2, but the issue wasn't resolved until April 30, after the xAI security team was contacted directly.<\/p>\n<p>The key could access not only public Grok models but also private models under development, such as \"tweet-rejector\" and \"grok-spacex-2024-11-04\".<\/p>\n<p>Carole Winqwist, head of GitGuardian's research team, warns that attackers who gain such access could manipulate models through prompt injection or even plant malicious code, threatening the security of the entire supply chain.<\/p>","protected":false},"excerpt":{"rendered":"<p>May 2, 2011 - Tech media outlet KrebsOnSecurity published a blog post yesterday (May 1) reporting that an employee of Elon Musk's artificial intelligence company xAI had inadvertently leaked an API key on GitHub, a mistake that lasted nearly two months. Philippe Caturegli, the \"Chief Hacking Officer\" of French security consultancy Seralys, first exposed the issue on LinkedIn, and security firm GitGuardian stepped in, with a scan of its systems revealing that the key had access to a number of xAI's large language
models (LLMs), including the unreleased Gr<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[1033,356,6507],"collection":[],"class_list":["post-34565","post","type-post","status-publish","format-standard","hentry","category-news","tag-api","tag-xai","tag-6507"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/34565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/comments?post=34565"}],"version-history":[{"count":0,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/34565\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/media?parent=34565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/categories?post=34565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/tags?post=34565"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/collection?post=34565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}