Braintrust tells customers to rotate API keys after AWS account breach

On May 4, 2026, Braintrust disclosed a security incident after suspicious activity.

What happened

The AI evaluation and observability company said attackers gained unauthorized access to one of its Amazon Web Services accounts, which likely exposed org-level AI provider API keys stored in Braintrust. These keys are sensitive because customers use them to connect Braintrust to cloud-based AI models.

After learning of the incident, Braintrust locked down the compromised account, audited and restricted access to related systems, rotated internal secrets, and began an investigation with incident response experts. The company notified customers on May 5 and told them to rotate any org-level AI provider keys used with Braintrust as a precaution. SecurityWeek reported that Braintrust had confirmed one affected customer, while three additional customers had reported suspicious spikes in AI provider usage.  Braintrust said it had not identified broader customer exposure at the time, but the investigation was ongoing.

In the know

Braintrust’s recommended process is API key rotation, which means replacing any org-level AI provider keys stored in Braintrust with fresh keys and making sure the old ones can no longer be used. Braintrust told customers to go to their org-level AI provider settings, delete or revoke existing secrets, configure new secrets, and check the timestamps to confirm the rotation was completed.

The reason is that an API key works like a machine password. When a customer stores an AI provider key in Braintrust, Braintrust can use that key to connect to models from cloud-based AI providers. If an attacker accessed a Braintrust AWS account that likely exposed those keys, the attacker could potentially use the old key to call the AI provider as if they were the legitimate customer. Rotation cuts off that pathway. The customer creates a new key with the AI provider, updates Braintrust to use the new key, revokes or deletes the old key, and then monitors usage for abnormal spikes.

A similar idea appears in AWS Secrets Manager. AWS explains that secret rotation updates credentials in both the stored secret and the connected service. With Lambda-based rotation, a new secret version is created, tested, and then marked as the current version so applications start using it.

What was said

According to Braintrust’s report on the matter, “We’ve identified a security incident that involved unauthorized access to one of our AWS accounts. We are actively investigating, and we have engaged incident response experts. We detected this activity on May 4, following a report of suspicious behavior and confirmed unauthorized access. We sent an email to org admins on May 5 informing them of the indicators of compromise (IOCs) with steps on what to do. We have contained the incident by locking down the compromised account, auditing and restricting access across related systems, rotating internal secrets, and engaging incident response experts to support our investigation.”

Why it matters

The Braintrust incident matters because it shows how one AI platform compromise can create risk far beyond the vendor itself. The lesson is bigger than Braintrust: any platform that stores credentials, secrets, or integrations can become a bridge into downstream systems.

An Cureus-indexed cybersecurity review captures the risk clearly, warning that trusting patient data with third-party cloud providers “introduces additional risks, including data breaches, unapproved access, and loss of control over sensitive information.” Paubox’s 2025 mid-year breach data report shows why that warning matters in healthcare operations: 107 email-related healthcare breaches had already occurred in 2025, and 52% of healthcare breaches were on Microsoft 365, up from 43% in 2024.

See also: HIPAA Compliant Email: The Definitive Guide (2026 Update)

FAQs

What is the AWS root user?

The root user is the original, highest-privilege identity created when an AWS account is opened. AWS says root credentials should not be used for everyday tasks and should only be used for actions that require root access.

Why is the root user so sensitive?

The root user can make major account-level changes, including billing, security, and access changes. AWS recommends guarding root credentials carefully and using multi-factor authentication for the root user.

What are AWS access keys?

AWS access keys are credentials used by applications, scripts, or command-line tools to access AWS services.