IT security and privacy enthusiast. I'm primarily using this account to boost things that catch my attention.
Anything shared or boosted through this account does not represent my employer and does not necessarily represent my own views. Follow me at your own risk.
New, at KrebsOnSecurity.com: Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.
https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
This is fun. Google Gemini’s “Summarize email” function is vulnerable to invisible prompt injection utilized to deceive users, including with fake security alerts.
A look at the recent sea surface temperature trend (annual mean) for the Gulf of Mexico... 🫣
See more at https://zacklabe.com/united-states-climate-indicators/
"While these agents promise to make life easier by allowing users to “put your brain in a jar,” they can also gather valuable—and often sensitive—data. This is a core concern for #Signal, which is trusted by tens of millions of users, including those in government, military, human rights and journalism, for confidential communication and guaranteed #privacy."
https://observer.com/2025/07/signal-meredith-whittaker-agentic-ai-risk/
NEW: Over the weekend, Jack Dorsey launched an open-source chat app called Bitchat, which he promised to be “secure” and “private.”
He then later added a warning that the app not been tested or reviewed for security issues, asking people not to trust it as "it does not necessarily meet its stated security goals."
Security researchers are already finding flaws in it.
Good scoop by reporters with the Organized Crime and Corruption Reporting Project (OCCRP), who confirmed that Sergio Gor, the director of the White House Office of Presidential Personnel, was born in the former Soviet Union, specifically in Tashkent, Uzbekistan. Gor prompted speculation about his origins when he declined to say where he was born, saying only that it was not in Russia.
https://www.occrp.org/en/news/exclusive-top-trump-advisor-sergio-gor-was-born-in-the-soviet-union
New, at KrebsOnSecurity.com: Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.
https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
From the story:
Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, said the exposed API key allowed access to at least 52 different LLMs used by xAI. The most recent LLM in the list was called “grok-4-0709” and was created on July 9, 2025.
Grok, the generative AI chatbot developed by xAI and integrated into Twitter/X, relies on these and other LLMs (a query to Grok before publication shows Grok currently uses Grok-3, which was launched in Feburary 2025). Earlier today, xAI announced that the Department of Defense will begin using Grok as part of a contract worth up to $200 million. The contract award came less than a week after Grok began spewing antisemitic rants and invoking Adolf Hitler.
Mr. Elez did not respond to a request for comment. The code repository containing the private xAI key was removed shortly after Caturegli notified Elez via email. However, Caturegli said the exposed API key still works and has not yet been revoked.
Anthropic, Google, OpenAI and xAI have all been granted contracts worth up to $200M by the U.S. Department of Defense to accelerate its adoption of “advanced AI capabilities to address critical national security challenges.” It seems your AI calling itself “MechaHitler” isn’t a dealbreaker for defense contracts. https://www.cnbc.com/2025/07/14/anthropic-google-openai-xai-granted-up-to-200-million-from-dod.html
Dear Doge Moron Marko Eliz,
Dogs sniff each others asses, so have another colleague sniff your code (as well as everything you touch).... It should smell the same. By the way, I have read about your racism. Disco your sessions, return your devices, data, and property, and go away. Play with tinker toys.
@briankrebs Incident Response is woke
"the exposed API key still works and has not yet been revoked"
"...hired some random douchebros off the side of the road..." 🙂 you do have a way with words, concepts too! Thanks for the black laughter.
Is he the one they call, sorry, who calls himself, "Big Balls"?
🙂
Oh, thanks for clarifying, my mistake! 😂
@briankrebs who ever would have guessed a #DOGE bro wouldn't have the best security hygiene?
https://cryptadamus.substack.com/p/the-crypto-grifters-of-doge
Could we make it easier? Maybe adverserial hackers would enjoy a refreshment & shoulder massage as they're led comfortably into every aspect of government infrastructure?
@fst @briankrebs have you ever heaed abaout AlphaGo zero. tl;dr: it learned playing Go by playing against itself.
let me introduce xAi, where it learns facts and history by talking to itself
@briankrebs This!
“If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors,” Caturegli told KrebsOnSecurity.
@fst
What closed doors? 
@briankrebs
> However, Caturegli said the exposed API key still works and has not yet been revoked.
> While still at Treasury, Elez resigned after The Wall Street Journal linked him to social media posts that advocated racism and eugenics. When Vice President J.D. Vance lobbied for Elez to be rehired, President Trump agreed and Musk reinstated him.
If you're a racist, you're stupid by definition.
(Does not rule our being harmful and dangerous.)
What could possibly go wrong?
Does Musk deliberately employ total fucking idiots or is this a side-effect of other selected for employee attributes? 🤦♂️🙄
It’s nice to know that I would be overlords not only enjoy hiring and competent white people to cabinet positions and government largely because they’re over government and they intend to destroy it and replace it with their own ideas.. (ahem), but they’re chosen foot soldiers also live in a world of arrogance, and with it comes indifference and incompetence.
CatSalad🐈🥗 (D.Burch) 
BrianKrebs
Ian Campbell
Zack Labe
evacide
Police State UK
Lorenzo Franceschi-Bicchierai
Steve Herman
Viss
Nomdeb
F4GRX Sébastien
John Maxwell
Alan Miller 
🇺🇦
Keith Ivey
Gene Pasquet
C-rich
▓▒▒░░ ʝσɳω ░░▒▒▓
Kevin Cheek
okanogen VerminEnemyFromWithin
jmcp
👊🇺🇸🔥
Su_G
funnymonkey
Live, Laugh, Punch Nazis
Bill, organizer of stuff
⚯ Michel de Cryptadamus ⚯
Wade McGillis
Finitum
Computeforloot 
日本語まあまあ
mastodonphan
《 ꞰᐰR⩓ 》🆘
🏳️🌈
Felix 🇨🇦 🇩🇪 🇺🇦
�
Dźwiedziu
RejZoR
PalidMask
xs4me2
Simon Zerafa
CryptoMoose
martinl 🇨🇦🤝🇺🇦
Vanstra
Kristin (vis.social Admin)
Alexander Dyas
Scott D. Strader 😐
GhostOnTheHalfShell
Michael Vilain
Kevin Ashworth