AI Privacy Incident
May 4, 2026

Braintrust AWS account compromise and customer API key rotation

Vendor: Braintrust
Product: Braintrust
Severity: medium
Status: ongoing
Users affected: undisclosed; rotation requested for all customers with stored keys

Summary

On May 5, 2026, Braintrust, an AI evaluation and observability platform, posted a website notice disclosing unauthorized access to one of its AWS accounts that held customer API keys for cloud-based model providers. The company emailed every customer the next day asking them to rotate any keys stored with the platform. Braintrust told TechCrunch it had identified one directly impacted customer and that the wider notice was sent out of caution while the investigation continues.

What happened

  • Braintrust observed suspicious activity in one of its AWS cloud accounts on May 4, 2026, and confirmed unauthorized access shortly afterward.
  • The affected account held customer API keys that the platform used to call third-party AI model providers on customers' behalf.
  • Braintrust said it locked down the account, audited and restricted access on related systems, and rotated its internal secrets.
  • On May 6, 2026, the company emailed all customers asking them to rotate any keys stored with the platform.

Timeline

  • 2026-05-04 - Braintrust observes suspicious activity in an AWS account and begins investigation.
  • 2026-05-05 - Braintrust posts a website notification confirming an incident.
  • 2026-05-06 - Braintrust emails customers requesting key rotation; TechCrunch and other outlets publish accounts of the disclosure.

What the vendor has confirmed

Braintrust spokesperson Martin Bergman told TechCrunch the company had "confirmed a security incident" and that the customer notice was sent "out of an abundance of caution." Braintrust said the incident had been contained and the cause was still under investigation. The company stated that as of disclosure it had identified one directly impacted customer and had no evidence of broader exposure.

What remains unclear

  • The root cause and the duration of the unauthorized access have not been disclosed.
  • Braintrust has not published the count of customers whose keys were stored in the affected account.
  • Whether the exposed keys were used against the third-party model providers they unlocked has not been disclosed.

Broader context

API keys held by AI middleware platforms fan out to every model and tooling vendor those keys unlock, so a single account compromise at the orchestrator can hand an attacker downstream access to multiple services without separately reaching each one. This concentration of credentials in evaluation, monitoring, and routing layers has been a recurring concern as the AI tooling stack has grown.

Written by Selvam Sivakumar, Founder, Elephas.app

Selvam Sivakumar is the founder of Elephas and an expert in AI, Mac apps, and productivity tools. He writes about practical ways professionals can use AI to work smarter while keeping their data private.
