xAI Secret Leak: The Story of a Disclosure

In March 2025, GitGuardian discovered an xAI API key leaked in a public GitHub repository. Two months later, the key was found to still be valid, granting access to unreleased AI models. GitGuardian's attempts to contact xAI were hindered by outdated security information and reliance on a bug bounty program. xAI eventually addressed the issue, but their response highlighted flaws in responsible disclosure practices. This incident emphasizes the increasing risk of AI-related secret leaks and the necessity for better security measures.