Braintrust AI platform suffers AWS account breach
AI evaluation platform Braintrust confirmed unauthorized access to one of its AWS accounts containing customer-stored API keys for cloud AI models. The company immediately urged all customers to rotate and replace any keys stored with the service. The incident has been contained with internal secrets rotated.
- api-keys
On May 6, 2026, AI evaluation platform Braintrust disclosed that an attacker had gained unauthorized access to one of its Amazon Web Services accounts, exposing API keys that customers had stored within the service for cloud-based AI models.
Public reporting indicates the breach was limited to a single AWS account. Braintrust stated that it immediately rotated all internal secrets, contained the incident, and notified customers to replace any API keys they had stored with the platform. The company has not disclosed the precise number of affected users or the length of time the attacker had access. Available reporting describes the exposed material as API keys rather than broader categories of personally identifiable information such as names, payment details, or credentials for other services.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →