xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
Summary
An employee of Elon Musk’s artificial intelligence (AI) company xAI left a private key on GitHub, which has allowed unauthorized access to private xAI large language models (LLMs) for two months.
The leak was first publicised on LinkedIn by Philippe Caturegli, chief hacking officer at the security consultancy Seralys, who discovered the exposed credentials for an x.ai application programming interface (API).
The API key potentially gave access to unreleased models of Musk’s AI chatbot, Grok, and at least 60 separate data sets, according to researchers at GitGuardian, which scanned the GitHub code.
xAI was notified of the leak on 2 March but had not acted two months later, when the key was still valid and usable.
It is believed that some of the LLMs had been fine-tuned using data from Musk’s SpaceX and Tesla companies.
Experts warned that with access to the models and back-end interface, attackers could tweak the LLMs to suit their purposes, or attempt to insert code into the supply chain.