Launching the AI ​​test Braintrust confirms the breach, it tells each customer to rotate the hard keys.

AI analytics startup Braintrust has urged customers to return and replace their API keys following a breach of customer privacy.

According to an email sent to customers on Monday and seen by TechCrunch, the startup confirmed “unauthorized access” in one of its Amazon Web Services (AWS) cloud accounts, which contained API keys used by customers to access cloud-based AI models.

“We have contacted one customer who was affected and so far have not found any visible evidence,” the email read.

The email asked “every customer to rotate” any API keys they store with Braintrust.

Braintrust to be revealed security incident on its website on Tuesday. “This incident occurred, and in the meantime, we have closed the compromised account, monitored and restricted access to all other systems, and updated internal privacy.”

The company said the cause of the breach is under investigation.

Braintrust spokesman Martin Bergman told TechCrunch that the company sent the email to customers “out of an abundance of caution” and that it had “confirmed security measures, but there is no evidence of a breach at this time.”

Braintrust provides a platform designed for companies to explore AI models and products. Founder and CEO Ankur Goyal previously told TechCrunch that Braintrust is like “a platform for AI software engineers.” Introduction earned $80 million in Series B funding around February, which cost the company at $800 million.

Jaime Blasco, co-founder of the cybersecurity startup Nudge Security who received an email warning of the breach from Braintrust, told TechCrunch that the incident could have “downstream consequences for affected customers,” such as the AI ​​companies that rely on Braintrust.

Hackers often target corporate accounts cloud services or third-party platforms as a good way to steal confidential information, such as API keys. Once hackers get their hands on API keys, they can gain access to company or customer systems pretending to be legitimate users, without needing to log into the company they want.

CircleCI, a company that provides professional development for software developers, was hit by the same data breach in 2023, and also asked its customers to change “any secrets” they keep with the company.

Recently, the EU cybersecurity agency said hackers were able to steal 92 gigabytes of data from an AWS account used by the European Commission. The breach affected 29 other EU agencies and the data of many internal customers of the European Commission.