Braintrust, a prominent startup specializing in AI model evaluation, has confirmed a security breach that has put customer credentials at risk. In a move described as a precautionary measure, the company is urging its entire user base to immediately revoke and replace any API keys stored within the platform.
The Scope of the Incident
The breach originated from unauthorized access to one of Braintrust’s Amazon Web Services (AWS) cloud accounts. This specific account housed sensitive API keys that customers use to interface with various cloud-based AI models.
While Braintrust has confirmed that at least one customer was directly impacted, the company maintains that there is currently no evidence of widespread data exposure. However, the risk of “downstream implications”—where attackers use stolen keys to impersonate legitimate users—has prompted a company-wide call for security updates.
Immediate Response and Mitigation
Following the discovery, Braintrust took several steps to secure its infrastructure:
- Account Lockdown: The compromised AWS account was immediately isolated.
- Access Audit: The company restricted permissions across all related systems.
- Internal Rotation: Braintrust rotated its own internal secrets and credentials.
In an official statement, spokesperson Martin Bergman noted that the outreach to customers was conducted out of an “abundance of caution.” Despite this, cybersecurity experts, including Nudge Security co-founder Jaime Blasco, warn that such incidents can have significant ripple effects for AI companies relying on Braintrust for their development workflows.
A Growing Trend in Cloud Vulnerabilities
This incident mirrors previous high-profile attacks on development platforms. In 2023, CircleCI faced a similar cloud breach that forced a massive rotation of customer secrets. More recently, hackers targeted the European Commission’s AWS infrastructure, highlighting a persistent trend in which attackers prefer stealing “secrets” such as API keys to breaking into systems by traditional means.
About Braintrust
Led by CEO Ankur Goyal, Braintrust functions as an “operating system” for engineers building AI software. The startup recently reached an $800 million valuation following an $80 million Series B funding round in early 2026. As AI integration becomes standard for enterprises, the security of these evaluation platforms remains a critical link in the software supply chain.







