AI observability startup Braintrust disclosed that an attacker gained unauthorized access to one of its AWS accounts, potentially exposing customer secrets used to connect Braintrust to cloud-based AI providers. The company detected suspicious activity on May 4, 2026, locked down the affected account, rotated internal credentials, restricted access to related systems, and engaged incident response experts. Braintrust has confirmed impact to one customer and is investigating suspicious AI-provider usage spikes reported by three additional customers, though it says broader exposure has not been identified. All organization administrators with stored AI provider keys were notified, and customers are urged to rotate any org-level AI provider keys used with Braintrust as a precaution. The incident illustrates AI supply chain risk, since stolen API keys can let attackers abuse downstream AI services while appearing as legitimate users.
// Alert
AWS threat report
// AWSMEDIUM
// Get alerts for AWS