Braintrust AI evaluation platform AWS account breach — multi-tenant LLM-provider keys and SaaS credentials at risk; mandatory key rotation across customer base

Braintrust, a US-based AI evaluation and observability platform, confirmed on 2026-05-06 that an attacker accessed one of its AWS accounts on 2026-05-04 (TechCrunch, 2026-05-06 · SecurityWeek, 2026-05-08). The compromised account contained organisation-level API keys customers use to connect to upstream LLM providers (OpenAI, Anthropic, Azure OpenAI). SecurityWeek separately notes that customers commonly federate access from Braintrust into Box, Cloudflare, Dropbox, Notion, Ramp, and Stripe, framing those as adjacent SaaS providers whose credentials warrant the same audit posture; the Braintrust statement itself does not enumerate exposed third-party credentials. Braintrust locked the account, audited related infrastructure, rotated internal secrets, and instructed every customer to rotate organisation-level AI provider credentials regardless of whether their specific keys were confirmed exposed. One customer was confirmed compromised and three others reported anomalous AI usage spikes consistent with credential abuse during the post-incident review. No specific Swiss/EU customer impact was identified in available sources at this run's window close.

The incident class is architecturally significant for European public-sector AI pilots: AI-evaluation and observability platforms aggregate API credentials for many LLM providers per customer organisation, so a single SaaS-tier compromise propagates into a multi-provider credential event for every downstream tenant. The same risk profile applies to AI gateways (LiteLLM, see § 4 / § 6 KEV deadline), agent-evaluation harnesses, prompt-rule-based observability, and AI prompt-management platforms.