Braintrust Orders Customers to Rotate API Keys After AWS Account Intrusion

Braintrust tells customers to rotate API keys after detecting unauthorized access to an AWS account storing those keys. Incident contained, no breach confirmed.

Peter Olaleru/3 min/US

Cybersecurity Editor

AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
TL;DR: Braintrust instructed every customer to rotate API keys after detecting unauthorized access to an AWS account that stored those credentials. The company says the incident is contained and no customer data has been confirmed compromised.

Context: Braintrust provides a platform for monitoring AI models and raised $80 million in a Series B round that valued it at $800 million. On Monday it emailed customers about an “unauthorized access” incident in one of its AWS cloud accounts, which contained API keys used to call external AI models. The firm disclosed the incident on its website Tuesday, noting the compromised account had been locked down, related systems audited, and internal secrets rotated.

Key Facts:

- Braintrust confirmed unauthorized access to a single AWS account holding customer API keys.
- The email directed every customer to rotate any API keys stored with Braintrust.
- Spokesperson Martin Bergman said the notice was sent out of caution; a security incident was confirmed but no evidence of a breach has been found.
- The cause is under investigation; the company has communicated with one impacted customer and sees no broader exposure so far.

What It Means: Security teams should treat API keys as high-value credentials and rotate them immediately when a provider reports possible exposure. Enable multi-factor authentication on all cloud accounts, enforce least-privilege IAM policies, and monitor for anomalous API usage using CloudTrail or similar logging. Build detections for credential theft around MITRE ATT&CK techniques T1078 (Valid Accounts) and T1552.001 (Credentials in Files). Use a secrets manager to avoid hard-coding keys and apply automated rotation policies. Defenders should also review third-party access logs for signs of lateral movement or data exfiltration.
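One way to apply the CloudTrail monitoring advice above, as an added example that is not from the article or from Braintrust: a Python check that baselines where each access key is normally used and flags later use from a new source IP or region, or calls that were denied. The records use CloudTrail's field names, but the key ID, addresses, times and cutoff are constructed.

```python
from collections import defaultdict

KEY = "AKIAEXAMPLEAAAA"  # constructed placeholder, not a real key ID

def ev(time, name, region, ip, key=KEY, error=None):
    """Build a constructed record using CloudTrail's field names."""
    rec = {"eventTime": time, "eventName": name, "awsRegion": region,
           "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE = [  # constructed sample data
    ev("2025-01-10T09:00:00Z", "GetObject", "us-east-1", "198.51.100.10"),
    ev("2025-01-11T09:00:00Z", "PutObject", "us-east-1", "198.51.100.10"),
    ev("2025-01-15T02:14:00Z", "ListBuckets", "eu-west-3", "203.0.113.77"),
    ev("2025-01-15T02:15:00Z", "GetSecretValue", "eu-west-3", "203.0.113.77",
       error="AccessDenied"),
    ev("2025-01-15T10:00:00Z", "GetObject", "us-east-1", "198.51.100.10"),
    ev("2025-01-15T11:00:00Z", "ConsoleLogin", "us-east-1", "198.51.100.10", key=None),
]

def flag_anomalous_key_use(records, baseline_end):
    """Return (eventTime, accessKeyId, reasons) for events at or after
    baseline_end that deviate from the key's earlier behaviour."""
    seen_ips, seen_regions = defaultdict(set), defaultdict(set)
    findings = []
    # Same-format UTC ISO-8601 timestamps sort correctly as strings.
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        key = rec.get("userIdentity", {}).get("accessKeyId")
        if not key:
            continue  # events without an access key are out of scope here
        ip, region = rec["sourceIPAddress"], rec["awsRegion"]
        if rec["eventTime"] < baseline_end:
            seen_ips[key].add(ip)
            seen_regions[key].add(region)
            continue
        reasons = []
        if ip not in seen_ips[key]:
            reasons.append("new source IP")
        if region not in seen_regions[key]:
            reasons.append("new region")
        if str(rec.get("errorCode", "")).endswith(("AccessDenied", "UnauthorizedOperation")):
            reasons.append("denied call")
        if reasons:
            findings.append((rec["eventTime"], key, ", ".join(reasons)))
    return findings
```

A key with no baseline activity is flagged on first use, which is the intended behaviour for a credential that should have been retired after rotation.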

Watch for Braintrust’s investigation results, any updated guidance for customers, and whether regulators or partners request further disclosure of the incident.