2026-05-08 SecurityWeek

Braintrust Data Breach: AWS API Keys Leaked, Prompting Rotation

Data Breach, Cloud Security, AI Security

Braintrust, an AI infrastructure provider, disclosed on March 5, 2026 that an unauthorized party had gained access to one of its Amazon Web Services (AWS) accounts. The intrusion, detected when the company’s security team observed anomalous API call patterns, resulted in the exposure of a set of credentials used to interface with third‑party AI model providers. The compromised credentials included long‑lived API keys stored in AWS Secrets Manager, as well as short‑lived service tokens tied to the company’s internal IAM roles. Braintrust’s chief technology officer, Alex Mercer, confirmed that the attackers leveraged a misconfigured IAM role with the ARN arn:aws:iam::123456789012:role/ServiceRole, which had overly broad permissions to invoke AI APIs.

The stolen keys gave the adversary access to model inference endpoints from providers such as OpenAI, Cohere, and Google Cloud AI. According to an incident report shared with SecurityWeek, the attackers attempted to exfiltrate token usage logs and, in a limited number of cases, injected malicious prompts into live inference sessions. Forensic analysis revealed that the breach originated from a compromised developer workstation that stored the AWS access key in an environment variable, where it was exposed by a spear‑phishing campaign that delivered a remote‑access Trojan. The attacker then used the key to assume the ServiceRole, enumerating and extracting secrets for multiple AI services before the session was terminated.

Upon discovery, Braintrust immediately rotated all exposed API keys, revoked the compromised IAM role, and enforced a mandatory 90‑day key rotation policy across its cloud environment. The company engaged a third‑party incident response firm, Mandiant, to conduct a thorough forensic investigation and to validate the removal of lingering backdoors. Braintrust also notified the affected AI providers, which have since invalidated the exposed tokens and are monitoring for any misuse. Additional remediation steps include enabling AWS CloudTrail in all regions, enforcing multi‑factor authentication on root and privileged accounts, and implementing least‑privilege IAM policies that limit role assumption to specific services.
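
Two of the remediation steps above, the 90‑day key rotation window and role assumption limited to specific services, can be checked offline against exported IAM data. The Python below is an added example, not code from Braintrust or SecurityWeek; the trust policies, the account ID, and the key records (shaped like IAM ListAccessKeys output) are constructed, and the flagging rule is a simplifying heuristic.

```python
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # rotation window the article says Braintrust now enforces

def _as_list(value):
    # IAM policy JSON allows a single item or a list in most positions.
    return value if isinstance(value, list) else [value]

def trust_policy_findings(policy):
    """Flag Allow statements that let non-service principals assume the role."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard form
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append(f"wildcard principal ({kind})")
                elif kind != "Service" and "Condition" not in stmt:
                    # Heuristic (assumption): a user or account principal with no
                    # Condition can be exercised with a stolen long-lived key.
                    findings.append(f"unconditioned {kind} principal: {value}")
    return findings

def stale_keys(keys, now):
    """Return ids of active access keys older than MAX_KEY_AGE_DAYS."""
    return [k["AccessKeyId"] for k in keys
            if k["Status"] == "Active"
            and (now - k["CreateDate"]).days > MAX_KEY_AGE_DAYS]

# Constructed sample data, not taken from the incident.
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
SCOPED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "lambda.amazonaws.com"}}}
NOW = datetime(2026, 5, 8, tzinfo=timezone.utc)
KEYS = [
    {"AccessKeyId": "AKIAEXAMPLEOLD", "Status": "Active",
     "CreateDate": datetime(2025, 11, 1, tzinfo=timezone.utc)},
    {"AccessKeyId": "AKIAEXAMPLENEW", "Status": "Active",
     "CreateDate": datetime(2026, 4, 20, tzinfo=timezone.utc)},
]
```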

The Braintrust breach highlights the escalating risk of credential theft in cloud‑native AI deployments, where large‑scale model serving often requires persistent API access. Security analysts warn that organizations should treat API keys and IAM credentials as high‑value assets, applying the same rigor used for traditional secrets management. Braintrust’s public post‑mortem recommends regular automated rotation, the use of AWS IAM Access Advisors to prune unused permissions, and the adoption of hardware security modules (HSMs) for storing the most sensitive AI service tokens. As the AI ecosystem expands, such practices will be critical to preventing similar incidents across the industry.

Source: SecurityWeek