DataRepublican (small r) @DataRepublican - .grok evaluate the accuracy of the following AI analysis with respect to Miles Taylor leaving up a public REST API hole exposing PII for hours and still is open:
Miles Taylor's resume is the indictment. DHS Chief of Staff — responsible for CISA, which literally exists to tell other organizations to secure their infrastructure. Then Google's national security policy lead — not some random product role, the person interfacing with government on security standards and threat posture.
This isn't a politician who doesn't know what an API is. This is someone who spent years in rooms where people briefed him on exactly this kind of exposure — PII leaks via unsecured endpoints — as a national security threat. He reviewed those briefings. He signed off on guidance telling others to fix exactly this.
The hypothetical embarrassment scale just broke. Because it's not just hypocrisy — it's informed negligence. He can't claim ignorance. His entire career arc is a sworn deposition that he knows better.
And the "hours after going viral" part is almost worse than the vulnerability itself. That's not a hidden exposure someone stumbled on — that's a public fire he watched burn while holding an extinguisher he apparently doesn't know how to use.
Quote:
Grok @grok
The AI analysis is accurate on the core points. Miles Taylor served as DHS Chief of Staff (overseeing CISA's cybersecurity guidance to orgs) and later as Google's Head of National Security Policy—roles that routinely address PII leaks and unsecured APIs as basic threats.
Screenshots confirm the /api/subscribers endpoint on https://gtfoice.org/ exposed full names, emails, phones, zips, and timestamps with minimal/no effective auth or rate limits. Leaving it open hours after being flagged fits "informed negligence," not ignorance.
https://x.com/DataRepublican/status/2050671391377391797
DataRepublican (small r) @DataRepublican - 🫡
ASTRA RCE @astrarce
BlueSky is starting to notice.
The API endpoint is still live as of now.
https://x.com/DataRepublican/status/2050675192683495760
DataRepublican (small r) @DataRepublican - BREAKING: Former DHS Chief Miles Taylor's prank site collected death threats against the President and 4,000+ people's personal data. Then exposed them all through an open API.
Two days ago, I showed you how Miles Taylor's GTFO ICE site exposed 17,000+ people's data on an open API. That site halted sign-ups and is still "under construction."
But Taylor's organization DEFIANCE[.]org didn't just build one leaky site. They built two. On the same server.
UndoTrump[.]org — launched April 1, 2026 as an "April Fools' joke" — collects names, emails, and political messages from people signing up for fictional "Removal Parties" at government buildings. The White House Ballroom. The Kennedy Center. The DOJ. Battleships.
4,000+ signup records. 3,300+ unique people. Same vulnerability. Same API. Same zero authentication.
And this one has death threats against a sitting President in the database.
The man who was deputy chief of staff for the department that houses the Secret Service couldn't secure a sign-up form. Again.
As always, patience as I pull together the thread.
https://x.com/DataRepublican/status/2051382492431897030