Braintrust, an AI evaluation startup, has asked customers to revoke and replace their API keys following a breach of customer secrets. Affected by unauthorized access to an Amazon Web Services (AWS) cloud account containing customer API keys, Braintrust has communicated with one impacted customer and hasn’t found evidence of further exposure. They advised all customers to rotate API keys stored with the company and shared details of the incident on their website. Braintrust has contained the breach, secured the compromised account, and reviewed access across systems. An investigation into the breach is ongoing. The company sent an email to customers as a precautionary measure, confirming the security incident without evidence of a breach. Braintrust, valued at $800 million after an $80 million Series B funding round, offers a platform for companies to monitor AI models and products. Jaime Blasco of Nudge Security warned of potential downstream effects on AI companies relying on Braintrust. Targeting of corporate accounts on cloud services is common for stealing secrets like API keys. CircleCI experienced a similar breach in 2023, while a massive data breach affected the European Commission and EU entities recently.
Braintrust Confirms Breach, Urges Customers to Rotate Sensitive Keys
1 Min Read