xAI API Key

Detects xAI (Grok) API keys, which use a distinctive xai- prefix followed by a long alphanumeric body. A leaked key grants unauthorized, billed access to xAI's Grok models and any prompts or data routed through the API.

Type
regex
Engine
universal
Confidence
high
Confidence justification
High confidence: the xai- prefix is distinctive (confirmed by xAI's own security FAQ and its own GitHub secret-scanning partner entry with push protection enabled by default), so false positives on the prefix alone are extremely unlikely even though the exact body length is not formally documented.
Jurisdictions
global
Regulations
Criminal Code Act 1995 (Cth)
Frameworks
CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories
credentials, security
Scope
narrow
Risk rating
9
Platform compatibility
Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_-])xai-[A-Za-z0-9]{20,100}(?![A-Za-z0-9_-])

Corroborative evidence keywords

xai, grok, x.ai, console.x.ai, XAI_API_KEY, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential, database, host (+38 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References