News
- A security researcher has uncovered a worrying API key leak
- The leak reportedly comes from DOGE staffer Marko Elez
- This is not the first security issue originating from DOGE
A staffer with access to the personal data of millions of Americans has apparently leaked the API Key to at least four dozen LLMs developed by artificial intelligence company xAI, including X’s (formerly Twitter) own chatbot Grok.
Security expert Brian Krebs revealed Marko Elez, an employee at Elon Musk’s Department of Government Efficiency, had access to sensitive databases at the US Social Security Administration, Justice, and Treasury departments as part of DOGE’s work in 'streamlining' the departments to increase efficiency.
Ironically, researchers recently uncovered that a DOGE worker’s credentials were exposed by infostealing malware, so DOGE’s security record so far is less than impressive.
Save up to 68% on identity theft protection for TechRadar readers!
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
Grok exposedA code script was committed to GitHub named ‘agent.py’ that included a private application programming interface (API) key for xAI by Elez. This was first flagged by GitGuardian, a firm which scans GitHub for API secret tokens, database credentials, and certificates - and alerts affected users.
The exposed API key allowed access to at least 52 different LLMs used by xAI, with the most recent being an LLM called ‘grok 4-0709’, created on July 9, 2025 - according to Chief Hacking Officer at security consultancy Seralys, Philippe Caturegli.
Caturegli warned KrebsOnSecurity, “If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors.”
The code repository that contains the private API key has since been removed after Elez was notified by email of the leak, however, the key still works and has not yet been revoked, so the issue is far from resolved.
This is not the first time internal xAI APIs have been leaked, with LLMs made for Musk’s other organisations, like SpaceX, Tesla, and Twitter/X exposed earlier in 2025, Krebs confirmed.
“One leak is a mistake,” Caturegli said, “But when the same type of sensitive key gets exposed again and again, it’s not just bad luck, it’s a sign of deeper negligence and a broken security culture.”
You might also like- Take a look at our picks for the best malware removal software around
- Check out our choice for the best AI tools
- Identity fraud attacks using AI are fooling biometric security systems
- The Campfire Audio Relay is a USB-C DAC/amp for headphones
- Pro-Ject Head Box E is a very small desktop headphones amp
- Campfire Audio Relay: $229 / £229 | Pro-Ject Head Box E: £89 (about $120)
Two of our favorite hi-fi firms have released two very different headphone amps. One's designed to live on your desktop, and the other in your pocket or purse, but both promise a significant audio upgrade for fans of the best wired headphones and best wired earbuds.
The amps are the Campfire Audio Relay, a portable headphone DAC/amp with a USB-C connection; and the Pro-Ject Head Box E, a compact desktop headphone amplifier. Both are available from July 2025, and both cost less than you might expect.
The Pro-Ject Head Box E promises to outperform the headphone stages of larger, more expensive amps (Image credit: Pro-Ject)Campfire Relay and Pro-Ject Head Box E: key features and pricingLet's start with the most affordable of the pair, the Pro-Ject Head Box E. That's just £89 / €119 (around $120 / AU$180), and unlike similarly priced amps it doesn't use an integrated chipset for its amplification: Pro-Ject says that it has used carefully selected discrete components to deliver a sound that punches above the amp's modest price tag.
The Head Box E delivers 665 milliwatts into 32 ohms, and it's deliberately simple: it has a pair of 6.3mm and a 3.5mm headphone outs on the front – which can be used simultaneously for shared listening – and RCAs on the back. The RCA out is bypassed so it can send unaltered audio to your hi-fi system. According to Pro-Ject, it "outperforms the headphone stages typically found in stereo amps".
The Campfire Audio Relay works with any USB-C device – meaning it's great for phones as well as laptops (Image credit: Campfire Audio)The Campfire Audio Relay is even smaller, and it's built around the AKM 4493 SEQ DAC chip that according to Campfire, delivers "just the right amount of color and a touch of a classic analogue sound signature." It has 3.5mm and balanced 4.4mm outputs and USB-C for wide connectivity with phones, tablets and computers.
The Relay has selectable high/low gain, six filter modes and variable bit rates up to 32-bit / 768kHz, and it supports both PCM and DSD playback.
The Campfire Audio Relay is £229 / $299 / AU$399 and if you’re in London this weekend you'll be able to check it out at CanJam London.
You might also like