Krebs on xAI: Secrets Leaked, Unsafe for Months

Here’s some nice reporting from Krebs on the security operations of xAI missing a secret key leak for months, failing to respond to several external notices (including public ones) for months, and only finally reacting after GitGuardian dug in and forced them to pay attention.

Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, was the first to publicize the leak of credentials for an x.ai application programming interface (API) exposed in the GitHub code repository of a technical staff member at xAI.

Caturegli’s post on LinkedIn [invoked] researchers at GitGuardian, a company that specializes in detecting and remediating exposed secrets in public and proprietary environments. GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users.

GitGuardian’s Eric Fourrier told KrebsOnSecurity the exposed API key had access to several unreleased models of Grok, the AI chatbot developed by xAI. In total, GitGuardian found the key had access to at least 60 fine-tuned and private LLMs.

“The credentials can be used to access the X.ai API with the identity of the user,” GitGuardian wrote in an email explaining their findings to xAI. “The associated account not only has access to public Grok models (grok-2-1212, etc) but also to what appears to be unreleased (grok-2.5V), development (research-grok-2p5v-1018), and private models (tweet-rejector, grok-spacex-2024-11-04).”

Fourrier found GitGuardian had alerted the xAI employee about the exposed API key nearly two months ago — on March 2. But as of April 30, when GitGuardian directly alerted xAI’s security team to the exposure, the key was still valid and usable. xAI told GitGuardian to report the matter through its bug bounty program at HackerOne, but just a few hours later the repository containing the API key was removed from GitHub.

“It looks like some of these internal LLMs were fine-tuned on SpaceX data, and some were fine-tuned with Tesla data,” Fourrier said. “I definitely don’t think a Grok model that’s fine-tuned on SpaceX data is intended to be exposed publicly.”

If you read between the lines, there is no xAI “security team”. The bounty system, because it has a financial impact/risk characterization inherent to its coin-based ethics model, likely raised the kind of alarm that nobody inside the company is qualified or competent to manage independently. GitGuardian remarked in their blog they were so kind as to directly notify the engineer caught leaking.

On the 2nd of March 2025, this automated system discovered a new secret in a commit in a public repository. The commit contained an xAI API key in an .env file. This is a classical secret leak scenario, and GitGuardian sent an email to the commit author to alert him of the incident. The only thing that made this specific commit stand out from the mass was the committer’s email address: it was hosted under the x.ai domain.

The message “you published your secret key to a public repository several months ago and related systems may be totally compromised” didn’t get a response?!

Think about that company culture for a hot minute. GitGuardian sounded actually quite pissed off about the incompetence of Elon Musk’s typical antics.

We prepared a responsible disclosure e-mail with all the information required to quickly identify the leak source, affected keys and accounts, and start the remediation process. We then faced a first difficulty. xAI’s main website does not expose a security.txt file. As we presented in a blog post earlier this year, RFC 9116 defines a standard way of publicly providing a company’s security contact information, thanks to a security.txt. This is an industry standard that xAI is not following.

x.com exposes such a security.txt file. However, this one leads to a HackerOne program at https://hackerone.com/twitter, and the file has expired since January 2024, a year after Twitter’s acquisition by Elon Musk.

A security file that was copied from Twitter. With bad data. That was expired. Three strikes!

But wait, the story gets EVEN WORSE.

Finding this security contact took us a few unnecessary hours. We sent the disclosure email on April 30th at 11:00 AM EST. We received an answer from xAI 12 hours later… For a company the size of X, replacing an Incident Response Team (PSIRT or CSIRT) with a bug bounty platform should not be an option and should be considered bad practice. Again, we were not looking for a reward. …a few hours later, the leaky repository was removed from GitHub and the key revoked. This was done without any update sent to us, completely out of bounds of the disclosure process. This means we could have wasted more time filling a bug bounty report and waiting for updates, just to be notified that the issue was invalid, because it was already fixed.

GitGuardian clearly isn’t playing. xAI is being described by them as lacking even basic normal security practices, operating at sub-standard trust management capability.

Going to the xAI security page still tells you to go to their trust page (https://trust.x.ai/), which really is just a redirect to Vanta’s “trust platform product” (not to be confused with the “cool balls” underwear company), further indicating xAI may be only a shell company (e.g. the kind of internal control weakness Sarbanes-Oxley used to be about).

A Vanta product illustration, which is not to be confused with the other Vanta product

Krebs goes on to discuss implications for Elon Musk’s concept for the Department of Government (DOG) labelled ironically as “efficiency”, because critics contend xAI is centralizing federal American data in preparation to sell itself (like Twitter) as a private deal to the Saudis and Russians.

In other words, the value of xAI being dangled in front of the Saudis may have just collapsed because secrets were leaked at the same time Elon Musk was touring the desert cities trying to pitch top dollar for access to a chatbot he’s illegally feeding all the federal American data breached by his DOG.

The Lost Identity of PK Rosy: How an Indian Caste System Erased the Cast

In the early days of cinema, when women’s participation in films was itself revolutionary, especially in India, a young woman named PK Rosy broke barriers by becoming the first female lead in Malayalam cinema. Her pioneering role in the 1920s film “Vigathakumaran” (The Lost Child) should have secured her place in history books forever. Instead, her legacy was systematically erased by elites unwilling to accept a poor woman portraying a character on screen above her “caste” in real life.

“She was likely aware of the fact that this was a new arena and making herself visible was important,” says Professor Malavika Binny of Kannur University. “People from the Pulaya community were considered slave labour and auctioned off with land. They were considered the ‘lowliest’. They were flogged, raped, tied to trees and set on fire for any so-called transgressions.”

Imagine the problems, in other words, if the Indian women who were “caste” in a system to be raped and murdered by elites suddenly acquired status such as being seen as actual people with full rights. Oh, the horror! I’m reminded of the controversy when a Microsoft CEO fired his entire AI ethics team for raising concerns about human suffering. Things haven’t changed as much as we might think, have they?

I could no longer hide my head in the sand over the fact that [the Microsoft CEO] remarks—and his almost-instant recovery—was a naked spectacle of the CEO’s upper-caste Hindu Brahmin male privilege reaching out across continents to high-five his American capitalist male supremacy.

That’s a reference to the time that Satya Nadella, as CEO of Microsoft, suggested women should trust the system to provide them equality and not explicitly request fair treatment. And on that note, Rosy belonged to the Pulaya community and faced severe oppression under the system, the kind that apparently the Microsoft CEO trusts and high-fives? Born as Rajamma in the early 1900s in Travancore (now Kerala), she overcame a system of intense oppression to pursue her passion for art, eventually catching the attention of director JC Daniel for a groundbreaking film.

The backlash was immediate and severe. Audiences were outraged by a poor woman portraying an elitist Nair character named Sarojini. During the film’s premiere, which Rosy herself was prevented from attending because of prejudice and hate, the “civilized elitist” audience rioted like fools and destroyed the theater screen. The barbaric mob then turned on her to set her house on fire, forcing her to flee for her life.

What followed reveals the devastating impact of discrimination on personal identity. Rosy was forced into hiding and cut all ties with her family. Of course she still was the talented and beautiful human the elites refused to acknowledge, but she cleverly found a loophole in obscurity and married an upper-caste man named Kesavan Pillai, took the name Rajammal, and lived the remainder of her life unknown in Nagercoil, Tamil Nadu. Even more telling of the trauma inflicted by Indian oppression of poor women: her children reportedly refused to acknowledge their mother’s Dalit identity and past as an actor in order to ensure their own survival.

Her nephew, Biju Govindan, poignantly describes this erasure:

Her children were born with an upper-caste Kesavan Pillai’s identity. They chose their father’s seed over their mother’s womb. We, her family, are part of PK Rosy’s Dalit identity before the film’s release. In the space they inhabit, caste restricts them from accepting their Dalit heritage. That is their reality and our family has no place in it.

The identity-based attacks were so vicious that no verified photographs of Rosy exist. The film reels, like the screen, were brutally targeted and destroyed. A provocative 2023 Google Doodle of her 120th birthday had to use a rough illustration of her beauty. Her story represents not just personal tragedy but the systematic way in which marginalized communities are held down and wiped from cultural memory to prolong their exploitation. As Govindan notes:

Rosy prioritised survival over art and, as a result, never tried to speak publicly or reclaim her lost identity. That’s not her failure – it’s society’s.

Only in recent years have filmmakers and activists begun reclaiming Rosy’s important legacy, with initiatives like the PK Rosy Film Festival celebrating Dalit cinema. Yet her story remains a powerful reminder of how elite gatekeepers control historical narratives, and how the intersection of caste and gender can lead to complete identity erasure even for those who make groundbreaking contributions. You might ask who preserved any memory of Rosy and why? The Big Indian Picture offers historians this story:

… journalist, Kunnukuzhi Mani, has been credited with being the first person to try and dig out the truth about Rosy’s life, including, but not restricted to, her involvement in Vigathakumaran. “It was at N. N. Pillai’s theatre seminar in 1968 or 69, I think. Kambisseri Karunakaran (journalist, actor and politician belonging to the Communist Party of India) told me about Rosy, a poor woman, a grass-cutter, who acted in the first film. I started investigating from then. Kambisseri gave me the information. He asked if I would do an investigation on this. I was a reporter then, an editor for the paper Kalapremi.” Kunnukuzhi met Rosy’s relatives and talked to them. He also spoke to J. C. Daniel’s relatives: “I went to Nagercoil. His siblings were there. I asked them about it. That’s how I found his house in Agastheeswaram (Tamil Nadu).” After his conversation with Daniel, Kunnukuzhi came back and wrote his first article on Rosy in Kalapremi in 1971. Since then he has written about her in several Malayalam magazines….

Overseas Trump Goes “Logan’s Run” as He Spreads Hate of American Musicians

While on a tour of the Middle East to sell out defense technology and rescue Tesla, reminiscent of the Iran-Contra shell game, Trump fixated on personally attacking the Constitution and spreading his hate of the most popular American musicians.

First, he took aim at an older star.

This dried out ‘prune’ of a rocker (his skin is all atrophied!) ought to KEEP HIS MOUTH SHUT…

Apparently, Logan’s Run is coming now that freedom of speech is dead and replaced with an AI that will be run by Saudi Arabia.

If your skin wrinkles, Trump may intend to deport you to one of his death camps in Central America.

And then Trump took aim at a younger star. Suggesting he has already disappeared her.

Has anyone noticed that, since I said ‘I HATE TAYLOR SWIFT,’ she’s no longer ‘HOT?’

Hate her? Hate? Is Trump’s “America First” openly admitting now it is the platform of hate, Nazism rebranded, like it has always been?

Source: Dr. Seuss

Trump has officially and repeatedly bent over backwards to praise kings and dictators, while he turns up the anger to bash American rock stars about their freedoms. Nobody in America should expect to grow old now, it’s off the table, as the Trump regime demands silence and sacrifice to his hate platform.

Grok Answers 94% Incorrect, but a Positive Sign Because Elon Musk 100% Incorrect

You have to marvel at just how incompetent Elon Musk really is, and how much wealth can be tied to “valuations” of worthless stock.

…Grok answered 94% of queries incorrectly. […] “If the sources are not trustworthy and qualitative, the answers will most likely be of the same kind,” [deputy director of the Italian fact-checking project Pagella Politica and fact checking coordinator at the European Digital Media Observatory] Canetta explained. He said that he regularly comes across responses which are “incomplete, not precise, misleading or even false.”

In the case of xAI and Grok, whose owner, Elon Musk, is a fierce supporter of US President Donald Trump, there is a clear danger that the “diet” could be politically controlled, he added.

Propaganda is defined by a grain of truth being exploded into lies. The question is actually whether 6% accuracy is the correct formula for Elon Musk to expand his fraud, or will he demand Grok accuracy be reduced further for efficiency.

Notably, he has said every year since at least 2016 that his cars can drive themselves, which has never been true. He also has said since 2016 he will land on Mars in a couple years. Never been true either. Hyperloop? Lies. Boring? Lies. Without fraud, there would be no Tesla at all.

Seriously, is anyone surprised a white supremacist Hitler-loving family who fled to South Africa to profit from the huge lie of apartheid… raised a boy who fled the fall of apartheid to promote an AI platform that pushes extremist political lies, including South African 1980s white supremacist drivel?

Source: DW. A user of Musk’s Swastika asked Grok about HBO and was hit with lies about “white genocide” in South Africa
A South African Afrikaner Weerstandsbeweging (AWB) member in 2010 (left) and a South African-born member of MAGA in the U.S. on 20 January 2025 (right). Source: The Guardian. Photograph: AFP via Getty Images, Reuters