Content provided by Chatcyberside. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chatcyberside or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Leaked and Loaded: DOGE’s API Key Crisis

15:22
 

On July 13, 2025, a developer at the Department of Government Efficiency—DOGE—accidentally pushed a private xAI API key to GitHub. That key unlocked access to 52 unreleased LLMs, including Grok‑4‑0709, and remained active long after discovery.

In this episode of Cyberside Chats, we examine how a single leaked credential became a national-level risk—and how it mirrors broader API key exposures at BeyondTrust and across GitHub. LMG Security’s Director of Penetration Testing, Tom Pohl, shares red team insights on how embedded secrets give attackers a foothold—and what CISOs must do now to reduce their exposure.

Key Takeaways:

  1. Treat leaked API keys like a full-blown incident—whether it’s your code or a vendor’s.

     Monitor for exposure and misuse. Include secrets in IR playbooks—even when it’s third-party code.

  2. Ask your vendors the hard questions about secrets management.

     Do they rotate keys? Use a secrets manager? How quickly can they revoke?

  3. Scan your environment for exposed secrets, even if you don’t develop software.

     Look for credentials in cloud configs, automation, scripts, SaaS tools.

  4. Make sure your penetration testing team searches for secrets as part of their processes.

     Secrets can show up in unexpected places—firmware, config files, build artifacts. Your red team or vendor should actively hunt for exposed keys, hardcoded credentials, and reused certs across applications, infrastructure, and third-party tools.

  5. Train your IT staff and developers to remove secrets from code and automate detection.

     Use GitGuardian, TruffleHog, and a secrets manager like AWS Secrets Manager or HashiCorp Vault.


#DOGEleak #cybersecurity #cybersecurityawareness #ciso #infosec #itsecurity
