Braintrust Urges API Key Rotation After AWS Cloud Breach Exposes Customer Secrets AI evaluation startup Braintrust has instructed customers to revoke and replace their API keys following unauthorized access to an Amazon Web Services (AWS) cloud account containing sensitive credentials. The breach, disclosed in an email sent to customers on Monday and later posted on the company’s website, involved an AWS account storing API keys used to access cloud-based AI models. Braintrust confirmed the incident was contained, locking down the compromised account, auditing related systems, and rotating internal secrets. While the company stated it had only identified one impacted customer and found no evidence of broader exposure, it advised all users to rotate their stored API keys as a precaution. The cause of the breach remains under investigation. In a statement to TechCrunch, Braintrust spokesperson Martin Bergman emphasized the move was taken "out of an abundance of caution," noting no evidence of a confirmed breach at the time of disclosure. The startup, which provides a platform for monitoring AI models and raised $80 million in a February funding round valuing it at $800 million, positions itself as an "operating system for engineers building AI software." Cybersecurity experts warn the incident could have downstream effects for affected customers, particularly AI companies reliant on Braintrust’s infrastructure. Similar breaches, such as the 2023 attack on CircleCI, have demonstrated how compromised cloud accounts can expose API keys, allowing attackers to impersonate legitimate users and access systems without direct infiltration. Recent high-profile incidents, including a 2024 breach of an AWS account tied to the European Commission that exposed 92GB of data, underscore the growing threat of cloud-based credential theft.