AI evaluation platform Braintrust has advised its clients to promptly revoke and replace their API keys after confirming a security breach involving unauthorized access to one of its Amazon Web Services (AWS) cloud accounts. This incident potentially exposed sensitive customer information.
In a communication sent to its customers, which was reviewed by TechCrunch, Braintrust acknowledged the breach and emphasized that it had reached out to one affected client. The company reassured that there is currently no evidence of widespread exposure.
The email stressed the importance of rotating any API keys stored with Braintrust, urging all customers to take this precautionary measure. The company also announced on its website that it has contained the incident, secured the compromised account, and conducted an audit to restrict access across related systems.
Braintrust is actively investigating the cause of this breach. According to spokesperson Martin Bergman, the notification to customers was made out of an "abundance of caution," asserting that while a security incident was confirmed, no evidence of a significant breach has been found as of yet.
Braintrust serves as a monitoring platform for AI models and products, described by founder and CEO Ankur Goyal as an "operating system for engineers building AI software." The startup recently secured $80 million in a Series B funding round, raising its valuation to $800 million.
Jaime Blasco, co-founder of cybersecurity firm Nudge Security, noted that incidents like these could have significant downstream effects on AI companies that depend on Braintrust's services.
Cybersecurity experts point out that hackers often target corporate accounts on cloud services to gain access to valuable secrets, such as API keys. With these keys, attackers can infiltrate systems, masquerading as legitimate users without needing to penetrate the target's infrastructure directly.
This incident reflects a broader trend in the tech industry, where similar breaches have occurred. For instance, CircleCI, a company providing development tools for software engineers, experienced a comparable breach in 2023, prompting a similar response to secure customer data.
As the digital landscape evolves, the importance of robust cybersecurity measures becomes increasingly critical. The proactive steps taken by Braintrust in addressing this breach could set a precedent for how tech companies manage and secure sensitive information in the future.