xAI leaked API key

A security lapse at xAI, led to the exposure of a private API key on GitHub by a company employee. The leaked credential, discovered by Philippe Caturegli and validated by GitGuardian, provided access to at least 60 private and unreleased large language models (LLMs), including models fine-tuned on sensitive data from Musk’s other companies—SpaceX, Tesla, and Twitter/X. These models included internal tools like "tweet-rejector" and "grok-spacex-2024-11-04." Despite GitGuardian alerting the xAI employee nearly two months prior, the key remained valid until the issue was escalated directly to xAI’s security team.