Braintrust Breach Exposes Customer AI Provider API Keys
AI observability platform Braintrust is urging customers to rotate their API keys after a breach of an internal AWS account exposed credentials used to access third-party AI models.
AI evaluation and observability platform Braintrust has alerted its customer base to rotate their API keys following a security breach involving unauthorized access to one of the company's AWS accounts. The incident was first identified on May 4, 2026, after the company received reports of suspicious activity. By May 5, Braintrust had initiated communication with affected users, providing them with necessary indicators of compromise (IOCs) and specific remediation instructions SecurityWeek.
The technical mechanism of the breach centers on the compromise of an internal AWS account, which served as a repository for sensitive credentials. Braintrust confirmed that this unauthorized access likely granted attackers the ability to view and potentially exfiltrate API keys that its customers utilize to interface with various AI models. Upon discovery, the company moved to secure its environment by locking the compromised account, auditing its systems, restricting access, and rotating its own internal secrets SecurityWeek.
The impact of this incident extends beyond Braintrust’s internal infrastructure, directly affecting the security posture of its clients. While the company stated that at least one customer was confirmed to be affected, it also noted that three additional customers reported anomalous spikes in their AI provider usage, suggesting unauthorized utilization of their credentials. Braintrust has advised all organization administrators who store AI provider secrets within the platform to immediately delete or revoke existing keys and configure new ones, verifying the rotation through timestamp checks SecurityWeek.
Industry experts have highlighted the significant downstream risks posed by this event. Jaime Blasco, CTO of Nudge Security, noted that the potential exposure includes API keys for major organizations such as Box, Cloudflare, Dropbox, Notion, Ramp, and Stripe. Blasco emphasized that the "blast radius" of such a breach is not limited to the platform itself, but extends to the entire AI stack of every downstream customer. Because tools like Braintrust act as "credential warehouses" for LLM provider accounts, they have become high-priority targets for attackers looking to exploit supply chain vulnerabilities SecurityWeek.
This incident underscores a growing trend in the cybersecurity landscape where AI-centric tools, such as observability and evaluation platforms, are increasingly targeted as conduits to broader corporate networks. As companies continue to integrate various AI services, the centralization of credentials within third-party SaaS providers creates a single point of failure that can lead to widespread unauthorized access. Security teams are now faced with the challenge of managing the risks associated with these "credential warehouses," which are rapidly becoming a tier-one target for threat actors SecurityWeek.