BRAINTRUST warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS accounts, potentially exposing secrets used to connect to cloud-based AI models. The firm said it discovered suspicious activity on 4 May and immediately locked down the affected account, restricted access to related systems, and rotated internal credentials.
According to security breach notice, Braintrust identified a security incident that involved unauthorized access to one of its AWS accounts and is actively investigating with incident response experts; the company has contained the incident by locking down the compromised account and auditing access across related systems, while advising all customers to rotate any org-level AI provider keys used with Braintrust.
Although Braintrust says the impact appears limited, experts warn the breach highlights growing AI supply chain risks as AI platforms store valuable API credentials targeted by attackers. The incident notes that to date one customer was confirmed affected, with three additional customers reporting suspicious spikes in AI provider usage, and the investigation continues.