AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys

AI evaluation startup Braintrust has urged customers to revoke and replace their API keys after an earlier breach of customer secrets. According to an email sent to customers Monday and seen by TechCrunch, the startup confirmed “unauthorized access” in one of its Amazon Web Services cloud accounts, which contained API keys used by customers for accessing cloud-based AI models. “We ve communicated with one impacted customer and to date have not found evidence of broader exposure,” read the email. The email asked every customer to rotate any of the API keys that they store with Braintrust. Braintrust disclosed the security incident on its website on Tuesday. “The incident has been contained, and in the meantime, we ve locked down the compromised account, audited and restricted access across related systems, and rotated internal secrets. The company said the cause of the breach is under investigation. Braintrust spokesperson Martin Bergman told TechCrunch that the company sent the email to customers “out of an abundance of caution,” and that it “confirmed a security incident, but there is no evidence of a breach at this time.” Techcrunch event This Week Only: Buy one pass, get the second at 50% off Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register before May 8 to bring a +1 at half the cost. This Week Only: Buy one pass, get the second at 50% off Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register before May 8 to bring a +1 at half the cost. San Francisco, CA | October 13-15, 2026 REGISTER NOW Braintrust provides a platform designed for companies to monitor AI models and products. Founder and CEO Ankur Goyal previously told TechCrunch that Braintrust is like an “operating system for engineers building AI software.” The startup raised $80 million in a Series B funding round in February, which valued the company at $800 million. Jaime Blasco, the co-founder of cybersecurity startup Nudge Security who received a breach email alert from Braintrust, told TechCrunch that the incident could have downstream implications for affected customers, like AI companies that rely on Braintrust. Contact Us Do you have more information about this breach? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. Hackers frequently target corporate accounts on cloud services or third-parties platforms as an effective way of stealing secrets, like API keys. Once hackers get their hands on API keys, they can log into the company or customers’ systems appearing as if they are legitimate users, without needing to break into the target company’s systems. CircleCI, a company that provides development products for software engineers, was hit with a similar cloud data breach in 2023, and similarly asked its customers to rotate “any and all secrets” they stored with the company. More recently, a EU cybersecurity agency said hackers were able to steal 92 gigabytes of data from a compromised Amazon Web Services (AWS) account used by the European Commission. The breach affected 29 other EU entities and the data of dozens of internal European Commission clients. When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence. Lorenzo Franceschi-Bicchierai Senior Reporter, Cybersecurity Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram. May 27 Athens, Greece StrictlyVC Athens is up next. Hear unfiltered insights straight from Europe’s tech leaders and connect with the people shaping what’s ahead. Lock in your spot before it’s gone. Most Popular As workers worry about AI, Nvidia s Jensen Huang says AI is creating an enormous number of jobs Lucas Ropek Anthropic and OpenAI are both launching joint ventures for enterprise AI services Russell Brandom Ouster s new color lidar is coming to replace cameras Sean O'Kane This tiny, magnetic e-reader could stop you from doomscrolling Amanda Silberling Uber wants to turn its millions of drivers into a sensor grid for self-driving companies Connie Loizos Hackers are actively exploiting a bug in cPanel, used by millions of websites Zack Whittaker Elon Musk testifies that xAI trained Grok on OpenAI models Tim Fernholz

AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys

Key takeaways

More in computer-science