Braintrust AWS Breach Exposes AI API Keys, Triggers Customer Key Rotation

*TL;DR: Braintrust detected unauthorized access to an AWS account on May 4, locked the account, rotated credentials and warned customers to rotate AI provider API keys; one customer was confirmed impacted while three others show suspicious usage spikes.

Context

AI observability platform Braintrust stores organization‑level API keys that grant access to cloud‑based AI models. Those keys enable downstream applications to call services such as OpenAI, Anthropic or other providers. Because the keys act as bearer tokens, anyone who obtains them can consume AI resources under the victim’s quota and billing account.

Key Facts

- On May 4, Braintrust’s security team spotted anomalous activity in one of its Amazon Web Services (AWS) accounts. The team immediately isolated the account, restricted access to related services and rotated all internal secrets. - The breach involved unauthorized access to the AWS environment that housed the stored AI provider keys. Braintrust engaged external incident‑response experts to assist with forensic analysis. - Investigation confirmed that a single customer’s API keys were exposed. Three additional customers reported abnormal spikes in AI usage, which Braintrust is still investigating. - The company notified all customers the following day, providing indicators of compromise (IOCs) and step‑by‑step remediation guidance. - No evidence of a broader data exfiltration beyond the AI keys has emerged, but the incident underscores the growing risk of AI supply‑chain attacks where attackers target SaaS platforms to reach downstream users.

What It Means

The exposure of AI provider API keys creates a direct avenue for attackers to consume expensive AI services at the victim’s expense, potentially inflating cloud bills and leaking proprietary prompts or data. Because API keys lack granular user attribution, misuse can appear as legitimate traffic, evading traditional security monitoring.

For organizations that rely on Braintrust or similar key‑management services, the breach highlights the need for continuous key hygiene, strict least‑privilege policies and real‑time usage analytics. The incident also illustrates how a single compromised cloud account can cascade into downstream supply‑chain risks.

Mitigations – What Defenders Should Do

1. Rotate all AI provider API keys immediately, following Braintrust’s guidance. Treat the rotation as a forced password change. 2. Enable key usage monitoring on AI platforms: set alerts for sudden spikes in request volume or cost. 3. Apply IAM (Identity and Access Management) best practices in AWS: enforce MFA (multi‑factor authentication), limit permissions to the minimum required, and use role‑based access instead of long‑lived keys. 4. Implement secret‑management controls such as AWS Secrets Manager or HashiCorp Vault, ensuring automatic rotation and audit logging. 5. Adopt MITRE ATT&CK technique T1078 (Valid Accounts) detection signatures to spot logins from unusual locations or devices. 6. Review and harden API gateway configurations to require request signing or IP allow‑lists where feasible. 7. Conduct regular penetration tests focused on credential leakage pathways in SaaS integrations.

Looking Ahead

Braintrust plans to add timestamps and user attribution for every API key change, a step that should improve forensic visibility. Security teams should watch for updates to the investigation and for any new advisories from AI providers regarding credential abuse.

--- *Stay alert for further disclosures on AI supply‑chain threats and emerging hardening recommendations.*