Executive Summary
On May 4, 2026, Braintrust, an AI evaluation platform, detected unauthorized access to one of its Amazon Web Services (AWS) cloud accounts containing customer API keys. The company immediately locked down the affected account, restricted access to related systems, and rotated internal credentials. Customers were notified on May 5, 2026, and advised to revoke and regenerate any API keys stored with Braintrust. As of the latest verified reports, only one customer has been confirmed as directly affected, though three additional customers reported suspicious spikes in AI provider usage, which are under investigation. There is no evidence of broader exposure or data exfiltration at this time. The incident highlights the risks associated with storing sensitive credentials in third-party AI platforms and underscores the importance of robust cloud security and supply chain risk management. The cause of the breach remains under investigation, and Braintrust is implementing additional safeguards to prevent recurrence.
Technical Information
The incident involved unauthorized access to a Braintrust AWS account that stored API keys used by customers to access cloud-based AI models. The initial access vector has not been publicly disclosed, but the compromise of cloud credentials is strongly indicated by the company’s incident response actions and public statements. Upon discovery of suspicious activity on May 4, 2026, Braintrust immediately locked down the compromised AWS account, audited and restricted access across related systems, and rotated all internal secrets. Customers were promptly notified and provided with indicators of compromise and remediation guidance.
The attack method aligns with the MITRE ATT&CK technique T1078 (Valid Accounts), specifically T1078.004 (Cloud Accounts), where attackers use stolen or compromised credentials to access cloud resources as legitimate users. This technique is commonly employed by both financially motivated and state-sponsored threat actors, though no specific attribution has been made in this case. There is no evidence of malware deployment, persistence mechanisms, or unique threat actor tactics, techniques, and procedures (TTPs) in the current incident.
Three additional customers reported suspicious spikes in AI provider usage, suggesting possible abuse of compromised API keys. However, the investigation is ongoing, and direct evidence of malicious use has not been confirmed. The breach underscores the growing trend of attackers targeting SaaS and AI infrastructure providers to gain indirect access to downstream customers, particularly in the technology and AI sectors where sensitive credentials are concentrated.
Braintrust’s response included engaging incident response experts, conducting a comprehensive audit of affected systems, and planning to implement new safeguards such as timestamps and user attribution for API key changes. The company’s actions are consistent with best practices for cloud incident response and supply chain risk mitigation.
Affected Versions & Timeline
The breach affected Braintrust’s AWS cloud infrastructure, specifically the account storing customer API keys for cloud-based AI models. The incident timeline is as follows: On May 4, 2026, suspicious activity was detected, and immediate containment actions were taken. Customers were notified on May 5, 2026, with public disclosure following on May 6, 2026. As of the latest reports, only one customer has been confirmed as directly affected, with three additional customers under investigation for suspicious usage patterns. The cause of the breach remains under investigation, and no evidence of broader exposure or data exfiltration has been found.
Threat Activity
The threat activity in this incident centers on unauthorized access to a cloud account and the exposure of API keys, which could allow attackers to access or abuse AI services as legitimate users. The attack method is mapped to MITRE ATT&CK techniques T1078 (Valid Accounts) and T1078.004 (Cloud Accounts), with potential relevance to T1586.003 (Compromise Accounts: Cloud Accounts) if further persistence mechanisms are identified. No malware or specific tools have been reported, and there is no evidence of lateral movement or data exfiltration beyond credential exposure.
The incident reflects a broader pattern of attackers targeting cloud and SaaS providers to compromise downstream customers, particularly in the AI sector. The lack of unique TTPs or malware artifacts precludes attribution to a specific threat actor. The company’s rapid response and ongoing investigation are consistent with industry best practices for managing cloud credential breaches.
Mitigation & Workarounds
The following mitigation actions are recommended, prioritized by severity:
Critical: All customers who stored API keys with Braintrust must immediately revoke and regenerate those keys. This action is essential to prevent unauthorized access to cloud-based AI models using compromised credentials.
High: Customers should audit their own cloud and AI provider accounts for suspicious activity, particularly spikes in usage or unauthorized access attempts, and implement monitoring for anomalous behavior.
High: Organizations should review and update their credential management policies, ensuring that API keys and other secrets are rotated regularly and not stored in third-party platforms without strong encryption and access controls.
Medium: Customers should enable multi-factor authentication (MFA) and least-privilege access controls for all cloud and SaaS accounts, reducing the risk of credential compromise.
Medium: Organizations should review their supply chain risk management practices, particularly when integrating with third-party AI and SaaS providers, and require vendors to demonstrate robust security controls.
Low: Customers are encouraged to stay informed about ongoing investigations and follow any additional guidance provided by Braintrust as new information becomes available.
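The usage audit recommended in the High-priority item above, as an added example (not code from Braintrust, Rescana or any AI provider): it flags, per API key, days whose request volume far exceeds that key's own recent baseline, scored with the median and median absolute deviation (MAD). The CSV layout, key labels and thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from statistics import median

# Constructed sample of a daily usage export: one column per API key label.
# The layout and the labels are assumptions, not any provider's real format.
SAMPLE_CSV = """date,eval-prod,batch-ci
2026-04-27,1040,200
2026-04-28,980,240
2026-04-29,1010,210
2026-04-30,1100,190
2026-05-01,995,230
2026-05-02,1020,220
2026-05-03,9800,260
2026-05-04,12050,215
"""

def load_usage(text):
    """Parse the export into {key_label: [(date, requests), ...]} sorted by date."""
    series = {}
    for row in csv.DictReader(io.StringIO(text)):
        date = row.pop("date")
        for key, count in row.items():
            series.setdefault(key, []).append((date, int(count)))
    return {k: sorted(v) for k, v in series.items()}

def find_spikes(series, baseline_days=5, threshold=6.0, min_excess=500):
    """Return (key, date, requests, baseline_median) for anomalous days.

    The baseline is the last `baseline_days` unflagged days, so a sustained
    abuse period never becomes the new normal. min_excess mutes quiet keys.
    """
    findings = []
    for key, points in series.items():
        clean = []  # history of days that were not flagged
        for date, value in points:
            window = clean[-baseline_days:]
            if len(window) == baseline_days:
                med = median(window)
                mad = median(abs(v - med) for v in window)
                scale = 1.4826 * mad if mad else 1.0  # robust std-dev estimate
                if (value - med) / scale >= threshold and value - med >= min_excess:
                    findings.append((key, date, value, med))
                    continue
            clean.append(value)
    return findings

if __name__ == "__main__":
    for key, date, value, med in find_spikes(load_usage(SAMPLE_CSV)):
        print(f"{date} {key}: {value} requests vs. baseline median {med}")
```

Keys flagged this way are candidates for revocation first, followed by a review of the provider-side request logs for the flagged dates.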
References
TechCrunch, May 6, 2026: https://techcrunch.com/2026/05/06/ai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys/
Security Affairs, May 9, 2026: https://securityaffairs.com/191888/data-breach/braintrust-security-incident-raises-concerns-over-ai-supply-chain-risks.html
Mezha.net, May 6, 2026: https://mezha.net/eng/bukvy/7f4738bc_braintrust_warned_clients/
MITRE ATT&CK T1078: https://attack.mitre.org/techniques/T1078/
MITRE ATT&CK T1078.004: https://attack.mitre.org/techniques/T1078/004/
MITRE ATT&CK T1586.003: https://attack.mitre.org/techniques/T1586/003/
MITRE ATT&CK T1098.001: https://attack.mitre.org/techniques/T1098/001/
About Rescana
Rescana provides a third-party risk management (TPRM) platform designed to help organizations identify, assess, and monitor risks associated with their external vendors and service providers. Our platform enables continuous monitoring of vendor security posture, supports incident response coordination, and facilitates evidence-based risk assessments for cloud and SaaS supply chain exposures. For questions regarding this advisory or to discuss your organization’s risk management needs, please contact us at ops@rescana.com.

