Braintrust, an AI evaluation and observability platform, says hackers accessed an AWS account used by its systems and likely obtained AI provider secrets stored in Braintrust. The incident was discovered on 4 May and customers were informed by email on 5 May, with indicators of compromise and remediation steps included. In response, Braintrust locked down the compromised account, audited related systems and restricted access, rotated internal secrets, and launched an investigation.
The firm states that the internal AWS account likely provided attackers with access to API keys used to access AI models, and it urges all customers to rotate their org-level AI provider keys used with Braintrust. At least one customer has been affected, with three other customers reporting suspicious spikes in AI provider usage, although Braintrust says it has not identified broader customer exposure to date.
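The article notes that affected customers noticed the compromise through suspicious spikes in AI provider usage, and that the recommended remediation is rotating the org-level provider keys. The script below is an added example, not code from the article or from Braintrust: it takes daily per-key usage totals, compares each day against the median of the preceding days, and flags keys whose usage jumps far above their own baseline, which is a practical way to decide which keys to rotate first. The record format, the key identifiers and the day labels are constructed for illustration.

```python
"""
Flag abnormal spikes in AI provider usage per API key.

Added example (not from the article or from Braintrust). A per-key baseline
comparison over daily usage totals is one way to surface the "spike in usage"
signal the article describes and to prioritise key rotation. All data below is
constructed.
"""
from collections import defaultdict
from statistics import median

# Constructed daily usage records: (day_label, api_key_id, tokens).
# Key IDs and day labels are placeholders, not real identifiers.
SAMPLE_USAGE = [
    # org-key-A: steady ~1,200 tokens/day, then an abrupt jump on days 06 and 07
    ("day-01", "org-key-A", 1_200), ("day-02", "org-key-A", 1_100),
    ("day-03", "org-key-A", 1_300), ("day-04", "org-key-A", 1_000),
    ("day-05", "org-key-A", 1_250), ("day-06", "org-key-A", 18_000),
    ("day-07", "org-key-A", 22_000),
    # org-key-B: steady ~500 tokens/day, no anomaly
    ("day-01", "org-key-B", 500), ("day-02", "org-key-B", 520),
    ("day-03", "org-key-B", 480), ("day-04", "org-key-B", 510),
    ("day-05", "org-key-B", 495), ("day-06", "org-key-B", 505),
    ("day-07", "org-key-B", 515),
    # org-key-C: negligible traffic; a 5x jump on tiny volume should not alert
    ("day-01", "org-key-C", 10), ("day-02", "org-key-C", 10),
    ("day-03", "org-key-C", 10), ("day-04", "org-key-C", 10),
    ("day-05", "org-key-C", 10), ("day-06", "org-key-C", 50),
]


def daily_totals(records):
    """Aggregate records into {key: [(day, tokens), ...]} sorted by day label."""
    per_key = defaultdict(dict)
    for day, key, tokens in records:
        per_key[key][day] = per_key[key].get(day, 0) + tokens
    return {key: sorted(days.items()) for key, days in per_key.items()}


def detect_usage_spikes(records, baseline_days=5, ratio=3.0, min_tokens=1_000):
    """
    Return a list of (key, day, tokens, baseline) for every day whose usage
    exceeds `ratio` times the median of the preceding `baseline_days` days.

    The median is robust to a single earlier spike polluting the baseline, and
    `min_tokens` suppresses alerts on keys with negligible traffic, where a
    small absolute change produces a large ratio.
    """
    alerts = []
    for key, series in daily_totals(records).items():
        for i in range(baseline_days, len(series)):
            window = [tokens for _, tokens in series[i - baseline_days:i]]
            baseline = median(window)
            day, tokens = series[i]
            if tokens >= min_tokens and tokens > ratio * max(baseline, 1):
                alerts.append((key, day, tokens, baseline))
    return alerts


def keys_to_rotate_first(records, **kwargs):
    """Distinct keys with at least one spike, sorted, as a rotation worklist."""
    return sorted({key for key, _, _, _ in detect_usage_spikes(records, **kwargs)})


if __name__ == "__main__":
    for key, day, tokens, baseline in detect_usage_spikes(SAMPLE_USAGE):
        print(f"ALERT {key} on {day}: {tokens} tokens vs baseline {baseline}")
    print("rotate first:", keys_to_rotate_first(SAMPLE_USAGE))
```

The thresholds are deliberately conservative: a three-fold jump over a five-day median catches the kind of abrupt increase the article describes while ignoring ordinary day-to-day variation, and the `min_tokens` floor keeps low-volume keys from generating noise. In practice the input would come from the provider's usage dashboard or billing export rather than an inline list.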
Nudge Security CTO Jaime Blasco noted that the potentially exposed org-level AI provider keys are stored for AI-forward companies such as Box, Cloudflare, Dropbox, Notion, Ramp, Stripe, and others, highlighting the wider supply chain risk posed by a single SaaS compromise.