Amazon Web Services and Braintrust: AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys

Braintrust Urges API Key Rotation After AWS Cloud Breach Exposes Customer Secrets

AI evaluation startup Braintrust has instructed customers to revoke and replace their API keys following unauthorized access to an Amazon Web Services (AWS) cloud account containing sensitive credentials. The breach, disclosed in an email sent to customers on Monday and later posted on the company’s website, involved an AWS account storing API keys used to access cloud-based AI models.

Braintrust confirmed the incident was contained, locking down the compromised account, auditing related systems, and rotating internal secrets. While the company stated it had only identified one impacted customer and found no evidence of broader exposure, it advised all users to rotate their stored API keys as a precaution. The cause of the breach remains under investigation.

In a statement to TechCrunch, Braintrust spokesperson Martin Bergman emphasized the move was taken "out of an abundance of caution," noting no evidence of a confirmed breach at the time of disclosure. The startup, which provides a platform for monitoring AI models and raised $80 million in a February funding round valuing it at $800 million, positions itself as an "operating system for engineers building AI software."

Cybersecurity experts warn the incident could have downstream effects for affected customers, particularly AI companies reliant on Braintrust’s infrastructure. Similar breaches, such as the 2023 attack on CircleCI, have demonstrated how compromised cloud accounts can expose API keys, allowing attackers to impersonate legitimate users and access systems without direct infiltration. Recent high-profile incidents, including a 2024 breach of an AWS account tied to the European Commission that exposed 92GB of data, underscore the growing threat of cloud-based credential theft.

Source: https://techcrunch.com/2026/05/06/ai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys/

Amazon Science cybersecurity rating report: https://www.rankiteo.com/company/amazonscience

Braintrust cybersecurity rating report: https://www.rankiteo.com/company/usebraintrust

"id": "AMAUSE1778092688",
"linkid": "amazonscience, usebraintrust",
"type": "Breach",
"date": "5/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'customers_affected': 'All users (as a precaution), '
                                              'one confirmed impacted customer',
                        'industry': 'AI Evaluation',
                        'name': 'Braintrust',
                        'type': 'Startup'}],
 'attack_vector': 'Unauthorized access to AWS cloud account',
 'customer_advisories': 'Email sent to customers instructing them to revoke '
                        'and replace API keys',
 'data_breach': {'sensitivity_of_data': 'High (API keys for cloud-based AI '
                                        'models)',
                 'type_of_data_compromised': 'API keys, sensitive credentials'},
 'description': 'AI evaluation startup Braintrust has instructed customers to '
                'revoke and replace their API keys following unauthorized '
                'access to an Amazon Web Services (AWS) cloud account '
                'containing sensitive credentials. The breach involved an AWS '
                'account storing API keys used to access cloud-based AI '
                'models.',
 'impact': {'data_compromised': 'API keys used to access cloud-based AI models',
            'operational_impact': 'Customers advised to rotate API keys',
            'systems_affected': 'AWS cloud account'},
 'investigation_status': 'Ongoing',
 'recommendations': 'Rotate API keys as a precautionary measure',
 'references': [{'source': 'TechCrunch'}, {'source': 'Braintrust website'}],
 'response': {'communication_strategy': 'Email to customers, statement on '
                                        'website, statement to TechCrunch',
              'containment_measures': 'Locked down the compromised account, '
                                      'audited related systems, rotated '
                                      'internal secrets',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Advised customers to rotate API keys'},
 'stakeholder_advisories': 'Customers advised to rotate API keys',
 'title': 'Braintrust Urges API Key Rotation After AWS Cloud Breach Exposes '
          'Customer Secrets',
 'type': 'Data Breach'}