AI platform Braintrust has advised its clients to change their API keys after a breach in their AWS account. The company discovered the security issue on May 4 and promptly informed its users the following day, providing details on the breach and recommended actions.
Initial Discovery and Response
Braintrust identified the incident after receiving alerts about suspicious activities. They promptly communicated with their customers, sharing indicators of compromise and outlining necessary steps to mitigate the risk. The company immediately secured the compromised AWS account, conducted a thorough audit of their systems, and began an internal investigation.
The breach potentially allowed attackers to access API keys that are used by various organizations to interact with Braintrust’s AI models. As a precautionary measure, the company urged all customers to update their organization-level AI provider keys.
Customer Impact and Precautions
While the investigation continues, Braintrust confirmed at least one customer was directly affected by the breach. Additionally, three other clients noticed unusual increases in AI usage, suggesting potential compromise. The company assured that no wider customer exposure has been detected so far, but emphasized the importance of vigilance.
Customers have been advised to visit their organization-level settings to revoke existing API secrets and replace them with new ones. This process includes verifying the rotation by checking the timestamp of the change.
Broader Implications and Expert Insights
Security experts, including Nudge Security CTO Jaime Blasco, highlighted the far-reaching implications of such breaches. The incident underscores the risks associated with SaaS platforms, where a single compromise can affect numerous downstream AI provider accounts.
Blasco described the situation as a new form of supply chain risk, where platforms that evaluate AI models and manage observability become critical targets for attackers. This incident serves as a reminder for companies to continually assess and secure their credential storage practices.
Related incidents involving other companies like Instructure, Vimeo, and Rituals further emphasize the growing threat of data breaches in various sectors.
