Braintrust Tells All Customers to Rotate API Keys After AWS Cloud Breach

The AI evaluation startup confirmed unauthorized access to an AWS account containing sensitive customer secrets.

Braintrust, a fast-growing startup that provides an “operating system for engineers building AI software,” has disclosed a security incident that exposed customer API keys stored in one of its Amazon Web Services cloud accounts. The company is now urging every customer to revoke and replace any credentials stored on its platform.

In an email sent Monday and disclosed publicly on Tuesday, Braintrust confirmed “unauthorized access” to an AWS account used to host API keys that customers rely on to connect with cloud-based AI models. The startup said it has communicated with one impacted customer and has not found evidence of broader exposure, but it is asking all users to rotate their keys out of an abundance of caution.

“The incident has been contained, and in the meantime, we’ve locked down the compromised account, audited and restricted access across related systems, and rotated internal secrets,” Braintrust said in its disclosure. The cause of the breach remains under investigation.

The incident highlights a growing vulnerability in the AI supply chain. As companies rush to integrate large language models into their products, they increasingly rely on third-party platforms like Braintrust to manage prompts, evaluate performance, and route requests to underlying models. When those platforms are compromised, attackers can gain silent, legitimate-looking access to a customer’s AI infrastructure simply by stealing API keys.

Braintrust is hardly alone in facing this risk. In 2023, CircleCI suffered a similar cloud breach and likewise asked customers to rotate all secrets. More recently, hackers stole 92 gigabytes of data from a compromised AWS account used by the European Commission, affecting 29 EU entities.

Why it matters

For enterprises building on AI, the Braintrust breach is a wake-up call about supply-chain security in the generative AI era. API keys have become the new passwords, and their theft can grant attackers immediate access to proprietary models, customer data, and billing accounts. Security teams should treat third-party AI platforms as critical vendors, enforce regular key rotation, and monitor for anomalous usage patterns that could signal stolen credentials in action.
