\n<\/p>\n
AI evaluation startup Braintrust has urged customers to revoke and replace their API keys after an earlier breach of customer secrets.<\/p>\n
According to an email sent to customers Monday and seen by TechCrunch, the startup confirmed \u201cunauthorized access\u201d in one of its Amazon Web Services (AWS) cloud accounts, which contained API keys used by customers for accessing cloud-based AI models.<\/p>\n
\u201cWe\u2019ve communicated with one impacted customer and to date have not found evidence of broader exposure,\u201d read the email.<\/p>\n
The email asked \u201cevery customer to rotate\u201d any of the API keys that they store with Braintrust.<\/p>\n
Braintrust disclosed the security incident on its website on Tuesday. \u201cThe incident has been contained, and in the meantime, we\u2019ve locked down the compromised account, audited and restricted access across related systems, and rotated internal secrets.\u201d\u00a0<\/p>\n
The company said the cause of the breach is under investigation.<\/p>\n
Braintrust spokesperson Martin Bergman told TechCrunch that the company sent the email to customers \u201cout of an abundance of caution\u201d and that it \u201cconfirmed a security incident, but there is no evidence of a breach at this time.\u201d<\/p>\n
Techcrunch event<\/p>\n
\n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span> Braintrust provides a platform designed for companies to monitor AI models and products. Founder and CEO Ankur Goyal previously told TechCrunch that Braintrust is like an \u201coperating system for engineers building AI software.\u201d The startup raised $80 million in a Series B funding round in February, which valued the company at $800 million.<\/p>\n Jaime Blasco, the co-founder of cybersecurity startup Nudge Security who received a breach email alert from Braintrust, told TechCrunch that the incident could have \u201cdownstream implications for affected customers,\u201d like AI companies that rely on Braintrust.<\/p>\n \t\t\tDo you have more information about this breach? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.\t\t<\/p><\/div>\n Hackers frequently target corporate accounts on cloud services or third-party platforms as an effective way of stealing secrets, like API keys. Once hackers get their hands on API keys, they can log into the company or customers\u2019 systems appearing as if they are legitimate users, without needing to break into the target company\u2019s systems.\u00a0<\/p>\n CircleCI, a company that provides development products for software engineers, was hit with a similar cloud data breach in 2023, and similarly asked its customers to rotate \u201cany and all secrets\u201d they stored with the company.<\/p>\n More recently, an EU cybersecurity agency said hackers were able to steal 92 gigabytes of data from a compromised AWS account used by the European Commission. The breach affected 29 other EU entities and the data of dozens of internal European Commission clients.<\/p>\n<\/div>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\nContact Us<\/h4>\n