Rotate organisation-level upstream LLM keys held by Braintrust customers

Customers of Braintrust must rotate organisation-level API keys for every connected LLM provider (OpenAI, Anthropic, Azure OpenAI) and the SaaS credentials reachable from the same blast radius (Box, Cloudflare, Dropbox, Notion, Ramp, Stripe per SecurityWeek) regardless of whether the specific key was confirmed exposed (TechCrunch, 2026-05-06 · SecurityWeek, 2026-05-08). Audit upstream-provider usage logs for anomalous call-volume or geographic-origin shifts around 2026-05-04.