💥 Read this awesome post from TechCrunch 📖
📂 **Category**: Security,AI,Braintrust,cybersecurity,data breach,hackers,hacking
Artificial intelligence evaluation startup Braintrust has urged customers to revoke and replace their API keys after a previous breach of customer secrets.
According to an email sent to customers on Monday and seen by TechCrunch, the startup confirmed “unauthorized access” to one of its Amazon Web Services cloud accounts, which contains API keys that customers use to access cloud-based AI models.
“We have reached out to one affected customer and have so far found no evidence of broader exposure,” the email said.
The email asks every customer to rotate the API keys it stores with Braintrust.
Braintrust disclosed the security incident on its website on Tuesday. “The incident has been contained, and in the meantime, we have locked down the compromised account, audited and restricted access across relevant systems, and shared internal secrets.”
The company said the cause of the incident is under investigation.
Braintrust spokesperson Martin Bergmann told TechCrunch that the company sent the email to customers “out of an abundance of caution,” and that it “confirmed a security incident occurred, but there is no evidence of a breach at this time.”
Braintrust provides a platform designed for companies to monitor AI models and products. Founder and CEO Ankur Goyal previously told TechCrunch that Braintrust is like “an operating system for engineers who build AI software.” The startup raised $80 million in a Series B funding round in February, which valued the company at $800 million.
Jaime Blasco, co-founder of cybersecurity startup Nudge Security, who received an email alert from Braintrust, told TechCrunch that the incident could have “ramifications for affected customers,” such as AI companies that rely on Braintrust.
Hackers often target company accounts on cloud services or third-party platforms as an effective way to steal secrets, such as application programming interface (API) keys. Once hackers have the API keys, they can log into a company’s or customer’s systems as if they were legitimate users, without having to break into the target company’s systems.
CircleCI, a company that provides development products for software engineers, experienced a similar cloud data breach in 2023, and similarly required its customers to swap “any and all secrets” they stored with the company.
More recently, the European Union’s cybersecurity agency said hackers were able to steal 92 gigabytes of data from a compromised Amazon Web Services (AWS) account used by the European Commission. The breach affected 29 other EU entities and the data of dozens of internal European Commission clients.
🕒 **Posted on**: 1778091364
