CyberSecurity

Rise of Silent Subject Phishing: How Empty Email Subject Lines Are Targeting VIP Users

Cybercriminals are refining their tactics with a new wave of attacks that rely on a surprisingly simple trick: leaving the subject line blank. Known as silent subject phishing or null subject phishing, this technique is gaining traction among threat actors who target high-value individuals within organizations. According to a report from cybersecurity firm Cyberproof, these campaigns are designed to slip past traditional email defenses while exploiting human curiosity.

Instead of using suspicious keywords or urgent language that might trigger spam filters, attackers send emails with empty or vague subject fields. This approach reduces the amount of data available for detection engines to analyze, making it harder for machine learning models to flag the messages as malicious. The result? A higher chance that the email lands in the recipient’s inbox, ready to be opened.

How Silent Subject Phishing Bypasses Email Defenses

One of the main reasons behind the rise of silent subject phishing is its ability to evade conventional security controls. Many email filtering systems rely heavily on subject-line analysis to identify potential threats. By removing the subject entirely, attackers strip away a key signal that security tools use to assess risk. This forces organizations to depend on other detection methods, which may not be as robust.

Building on this, the emails often contain malicious links, QR codes, or attachments. These elements direct users to spoofed login pages or initiate malware downloads. In some cases, attackers encourage victims to scan QR codes with their personal mobile devices, where corporate monitoring tools are less effective. This shift to personal devices further complicates detection and response efforts.

Evasion Through Domain Rotation and URL Shortening

Attackers also rotate domains and payloads frequently to maintain campaign resilience. Shortened URLs are commonly used to obscure the final destination, bypassing URL filtering mechanisms. This makes it difficult for security teams to block malicious links before they reach users. As a result, the campaign can persist over time without being easily disrupted.

VIP Users in the Crosshairs: Why Executives Are Targeted

These campaigns frequently target executives, board members, and other privileged users. The reason is straightforward: a successful compromise of a VIP account can lead to significant data breaches, financial fraud, or lateral movement within the enterprise. Cyberproof observed that the activity spiked during the first quarter of 2026, with a 13.9% increase between January and February, followed by a further 7.0% rise in March. Projections suggest this upward trend will continue.

Therefore, organizations must recognize that VIP user phishing is not just a nuisance—it is a strategic threat. Attackers are willing to invest time and resources to craft campaigns that specifically target high-value individuals. The potential payoff from a single compromised executive account far outweighs the effort involved.

Abuse of Legitimate Tools and Phishing-as-a-Service Platforms

Alongside social engineering, the campaign leverages legitimate remote monitoring and management (RMM) software to blend malicious activity with routine IT operations. Cyberproof found variants of Datto RMM deployed under deceptive filenames. This allows attackers to establish persistence, execute commands, and exfiltrate sensitive data without raising immediate suspicion.

Additionally, a phishing-as-a-service (PaaS) toolkit known as FlowerStorm has been linked to the activity. This platform automates large-scale distribution and supports multi-stage attack chains. It enables threat actors to rapidly change tactics across different targets, making it harder for defenders to keep up.

Defending Against Silent Subject Phishing Attacks

To mitigate the risks posed by silent subject phishing, organizations need to move beyond subject-line filtering alone. A multi-layered approach is essential. Key measures include verifying full sender addresses for inconsistencies, avoiding unexpected attachments or links, and enforcing multi-factor authentication (MFA) across all accounts.

Furthermore, employee training is crucial. Users should be taught to recognize atypical phishing tactics, such as emails with no subject line or those that ask them to scan QR codes. Advanced email security solutions that inspect message content and behavior can also help detect malicious activity that simpler filters miss.
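To show what "moving beyond subject-line filtering alone" looks like in practice, here is an added example, not code from Cyberproof or from this article, that scores a message on the other signals the report describes: a blank subject, a VIP recipient, a sender whose display name borrows the organisation's name while the mailbox is external, a reply-to address on a different domain, a shortened URL, a QR-code lure and an attachment. The VIP list, internal domain, shortener hosts, weights, threshold and both sample messages are constructed for the example and are not from the report.

```python
import email
import re
from email import policy

# Constructed reference data for the example: high-value recipients, the
# organisation's own mail domains, and URL-shortener hosts whose final
# destination cannot be inspected before delivery.
VIP_RECIPIENTS = {"ceo@example.com", "cfo@example.com"}
INTERNAL_DOMAINS = {"example.com"}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}

# Weight per signal; no single signal is decisive, the combination is.
WEIGHTS = {
    "empty_subject": 2,
    "vip_recipient": 2,
    "sender_display_mismatch": 2,
    "reply_to_mismatch": 1,
    "shortened_url": 2,
    "qr_lure": 2,
    "attachment": 1,
}
FLAG_THRESHOLD = 5

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
QR_LURE_RE = re.compile(r"\bscan\b[^.]*\bqr\b", re.IGNORECASE)


def _first_address(header):
    """Return the first parsed Address in an address header, or None."""
    if header is None or not header.addresses:
        return None
    return header.addresses[0]


def _body_text(msg):
    """Best-effort plain text of the message body (empty string if none)."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def score_message(raw: str) -> dict:
    """Score one RFC 5322 message using signals other than the subject text."""
    msg = email.message_from_string(raw, policy=policy.default)
    signals = set()

    if not (msg["Subject"] or "").strip():
        signals.add("empty_subject")

    recipients = {a.addr_spec.lower() for a in (msg["To"].addresses if msg["To"] else ())}
    if recipients & VIP_RECIPIENTS:
        signals.add("vip_recipient")

    sender = _first_address(msg["From"])
    if sender is not None:
        # Display name borrows the organisation's name but the mailbox is external.
        if sender.domain.lower() not in INTERNAL_DOMAINS and "example" in sender.display_name.lower():
            signals.add("sender_display_mismatch")
        reply_to = _first_address(msg["Reply-To"])
        if reply_to is not None and reply_to.domain.lower() != sender.domain.lower():
            signals.add("reply_to_mismatch")

    body = _body_text(msg)
    if any(host.lower() in SHORTENER_HOSTS for host in URL_HOST_RE.findall(body)):
        signals.add("shortened_url")
    if QR_LURE_RE.search(body):
        signals.add("qr_lure")
    if any(True for _ in msg.iter_attachments()):
        signals.add("attachment")

    score = sum(WEIGHTS[s] for s in signals)
    return {"signals": sorted(signals), "score": score, "flagged": score >= FLAG_THRESHOLD}


# Constructed sample messages (not taken from the report).
SAMPLE_LURE = """\
From: "Example Corp IT Helpdesk" <helpdesk@mail-notify.net>
Reply-To: <replies@other-host.org>
To: ceo@example.com
Subject:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your mailbox password expires today. Please scan the attached QR code with
your phone or open https://bit.ly/example-reset to keep access.
--b1
Content-Type: image/png
Content-Disposition: attachment; filename="qr.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

SAMPLE_BENIGN = """\
From: "Jane Doe" <jane@example.com>
To: cfo@example.com
Subject:
Content-Type: text/plain; charset="utf-8"

Quick one before the board call: are the Q3 slides final? Thanks, Jane.
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, score_message(raw))
```

The benign message also has a blank subject and a VIP recipient, yet it stays below the threshold; the lure crosses it because the blank subject coincides with a shortened link, a QR instruction, an attachment and a sender whose display name does not match its domain. That combination, rather than any one header, is what a multi-layered control keys on.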

In conclusion, the findings from Cyberproof indicate a shift toward stealth-focused phishing operations. By using minimal content and trusted tools, attackers are achieving high success rates while evading detection. Organizations must adapt their defenses to address these evolving threats, especially when it comes to protecting their most valuable users.

Braintrust breach: AI evaluation startup confirms cloud hack, urges all customers to rotate API keys

The Braintrust breach has sent shockwaves through the AI development community after the startup confirmed unauthorized access to its Amazon Web Services cloud infrastructure. In an urgent email sent to customers on Monday, Braintrust instructed every user to revoke and replace their API keys stored on the platform.

This cloud security incident marks a critical moment for the fast-growing company, which provides evaluation tools for AI models. The compromised AWS account contained sensitive API keys that customers use to access cloud-based AI services from providers like OpenAI and Anthropic.

What happened in the Braintrust breach?

Braintrust disclosed the security event on its website Tuesday, stating that the incident has been contained. The company said it has locked down the compromised account, audited access across related systems, and rotated internal secrets.

However, the startup’s email to customers revealed a more cautious posture. “We’ve communicated with one impacted customer and to date have not found evidence of broader exposure,” the message read. Despite this, Braintrust asked “every customer to rotate” any API keys they store with the platform.

Investigation into the AWS account compromise

The company confirmed that the cause of the Braintrust breach is still under investigation. Spokesperson Martin Bergman told TechCrunch that the email was sent “out of an abundance of caution,” adding that while the company confirmed a security incident, “there is no evidence of a breach at this time.”

This distinction matters in cybersecurity circles. A security incident means unauthorized access occurred, but a breach typically implies data was exfiltrated or misused. Braintrust is still determining whether customer data actually left its systems.

Why API key rotation matters after a cloud security incident

Hackers frequently target corporate cloud accounts and third-party platforms to steal API keys. Once obtained, these keys allow attackers to impersonate legitimate users and access internal systems without breaking into the target company’s networks directly.

Jaime Blasco, co-founder of cybersecurity firm Nudge Security and a recipient of Braintrust’s breach alert, warned that the incident could have “downstream implications for affected customers.” AI companies relying on Braintrust’s platform may face heightened risk if their keys were exposed.

This is not the first time the tech industry has seen such a scenario. In 2023, CircleCI, a development tools provider, suffered a similar cloud data breach and asked customers to rotate “any and all secrets” stored on its platform. More recently, a European Union cybersecurity agency reported that hackers stole 92 gigabytes of data from a compromised AWS account used by the European Commission, affecting 29 EU entities.

Braintrust’s business and the stakes of the breach

Braintrust offers a platform that helps companies monitor and evaluate AI models and products. Founder and CEO Ankur Goyal previously described the service as an “operating system for engineers building AI software.” The startup raised $80 million in a Series B funding round in February, reaching a valuation of $800 million.

Given this rapid growth, the Braintrust breach raises questions about security practices at AI startups handling sensitive infrastructure. For companies integrating Braintrust into their AI development pipelines, the incident serves as a stark reminder to audit third-party security postures regularly.

Lessons for AI companies and developers

Building on this incident, developers should take immediate steps to protect their credentials. First, rotate all API keys stored with Braintrust. Second, review access logs for any suspicious activity tied to those keys. Third, consider implementing key rotation policies that automatically refresh credentials on a regular schedule.
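The three steps above translate into two checks a team can automate. The following is an added example, not Braintrust's code and not an API offered by any provider: a key inventory that records where each secret is stored, a rotation policy that flags keys by age or because a platform holding a copy has reported an incident, and an audit-log scan that flags use from unexpected source addresses and, more telling still, attempts to use a key after it was revoked. The inventory, timestamps, IP addresses and log lines are all constructed for the example; the "braintrust" string is only a label in the inventory.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed reference point and policy for the example (not real incident dates).
NOW = datetime(2026, 1, 15, 12, 0, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)
COMPROMISED_PLATFORMS = {"braintrust"}   # platforms that have told us to rotate


@dataclass
class ApiKey:
    key_id: str                 # non-secret identifier; the secret itself is never inventoried
    owner: str
    created_at: datetime
    stored_with: frozenset      # third-party platforms holding a copy of the secret
    allowed_ips: frozenset      # source addresses expected to present this key
    revoked_at: Optional[datetime] = None   # set once the key has been rotated out


# Constructed inventory: one key already rotated after the notice, one still
# stored with the affected platform, one simply past its age limit.
KEY_INVENTORY = [
    ApiKey("key-llm-01", "ml-platform", NOW - timedelta(days=40),
           frozenset({"braintrust"}), frozenset({"203.0.113.10"}),
           revoked_at=NOW - timedelta(hours=6)),
    ApiKey("key-llm-02", "ml-platform", NOW - timedelta(days=30),
           frozenset({"braintrust"}), frozenset({"203.0.113.10"})),
    ApiKey("key-billing-03", "billing", NOW - timedelta(days=100),
           frozenset(), frozenset({"203.0.113.20"})),
]

# Constructed audit events in the shape a provider dashboard or gateway exports.
AUDIT_LOG = [
    {"ts": NOW - timedelta(days=5), "key_id": "key-billing-03", "src_ip": "203.0.113.20", "status": 200},
    {"ts": NOW - timedelta(days=2), "key_id": "key-llm-01", "src_ip": "203.0.113.10", "status": 200},
    {"ts": NOW - timedelta(days=1), "key_id": "key-llm-01", "src_ip": "198.51.100.77", "status": 200},
    {"ts": NOW - timedelta(hours=3), "key_id": "key-llm-02", "src_ip": "203.0.113.10", "status": 200},
    {"ts": NOW - timedelta(hours=1), "key_id": "key-llm-01", "src_ip": "198.51.100.77", "status": 401},
]


def keys_due_for_rotation(inventory, now=NOW, max_age=MAX_KEY_AGE, compromised=COMPROMISED_PLATFORMS):
    """Map key_id -> reasons for every active key that must be rotated now."""
    due = {}
    for key in inventory:
        if key.revoked_at is not None:
            continue                          # already rotated; nothing further to do
        reasons = []
        if now - key.created_at > max_age:
            reasons.append("max_age_exceeded")
        if key.stored_with & compromised:
            reasons.append("stored_with_compromised_platform")
        if reasons:
            due[key.key_id] = reasons
    return due


def suspicious_events(log, inventory):
    """Return audit events worth an analyst's attention, each with its reasons."""
    by_id = {k.key_id: k for k in inventory}
    findings = []
    for event in log:
        key = by_id.get(event["key_id"])
        reasons = []
        if key is None:
            reasons.append("unknown_key_id")
        else:
            if event["src_ip"] not in key.allowed_ips:
                reasons.append("unexpected_source_ip")
            if key.revoked_at is not None and event["ts"] > key.revoked_at:
                # Someone is still presenting a secret we retired: a strong sign it leaked.
                reasons.append("use_after_revocation")
        if reasons:
            findings.append({"event": event, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print("rotate:", keys_due_for_rotation(KEY_INVENTORY))
    for finding in suspicious_events(AUDIT_LOG, KEY_INVENTORY):
        print(finding["event"]["key_id"], finding["event"]["src_ip"], finding["reasons"])
```

Two design points carry over to real environments. Rotation should key off where a secret is stored, not only its age, which is why the inventory records the third parties holding each key. And the most valuable post-rotation signal is a retired key identifier still being presented from an unfamiliar address, so the old key's identifier should stay in the inventory, marked revoked, rather than be deleted.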

For more on securing your development workflows, check out our guide on API key security best practices. Additionally, learn how to respond to cloud security incidents effectively.

As Braintrust continues its investigation, the broader AI ecosystem must stay vigilant. Cloud security incidents targeting API keys are becoming more common, and the stakes grow higher as AI tools handle increasingly sensitive data.

U.S. Court Sentences Latvian Hacker: Ransomware Gang Tapped Into Russian Government Databases

A recent U.S. Department of Justice (DOJ) announcement has spotlighted a disturbing connection between cybercriminals and the Russian state. A federal court sentenced Latvian national Deniss Zolotarjovs to over eight years in prison for his role in ransomware attacks carried out by the Karakurt gang. This case reveals how the ransomware gang allegedly accessed Russian government databases and law enforcement networks to intimidate victims.

The Karakurt Gang and Its State Ties

According to the DOJ, Zolotarjovs worked for Karakurt, a group led by former leaders of the Akira and Conti ransomware gangs. These leaders were previously sanctioned by the U.S. Treasury for links to Russian intelligence. Prosecutors detailed how the gang used access to Russian government databases to gather information on victims, amplifying their threats.

Building on this, the DOJ statement emphasized that the gang “fueled corruption” within the Russian government. Members paid bribes to officials to avoid taxes and military service, while the state provided a protective shield against Western law enforcement.

How Russian Databases Were Used

Security researchers have long warned that Russian state agencies often turn a blind eye to cybercriminals. The Karakurt case goes further, showing active collaboration. The gang reportedly exploited law enforcement connections to pressure victims into paying ransoms, disrupting critical U.S. systems like 911 emergency dispatch and stealing children’s health data.

In addition, the DOJ noted that the gang targeted over 54 companies, extracting at least $15 million in ransom payments. This level of success would be impossible without state complicity, experts argue.

Zolotarjovs’ Role and Sentencing

Zolotarjovs was responsible for “escalating pressure” on victims who refused to pay. He was arrested in Georgia in 2023, extradited to the U.S. in August 2024, and later pleaded guilty. His eight-year sentence reflects the severity of the attacks, which included data theft and service disruptions.

However, this case is just one piece of a larger puzzle. U.S. officials have repeatedly labeled Russia a “safe haven” for cybercriminals, citing the threat from ransomware as a top national security challenge. The Russian Foreign Ministry did not respond to requests for comment.

Broader Implications for Cybersecurity

This verdict underscores the urgent need for international cooperation against cybercrime. While Karakurt is no longer active—some operations change names to evade sanctions—the model persists. The DOJ’s findings highlight how state-backed cybercrime networks can operate with impunity.

To learn more about protecting your organization, explore our guide on ransomware prevention strategies. Additionally, understanding state-sponsored cyber threats can help businesses stay resilient.

Conclusion

The sentencing of Deniss Zolotarjovs marks a rare win against a ransomware ecosystem deeply entangled with the Russian state. Yet, as the DOJ revealed, the gang’s access to Russian government databases shows how cybercriminals continue to exploit state resources. This case serves as a stark reminder: ransomware is not just a technical problem—it’s a geopolitical one.

UK Commits £90m to Cybersecurity and Calls for New ‘Resilience Pledge’

The UK government has unveiled a £90m ($120m) injection into UK cybersecurity funding, aimed at bolstering the nation’s defenses against rising digital threats. Announcing the package at the National Cyber Security Centre (NCSC) CYBERUK conference on April 22, Security Minister Dan Jarvis emphasized that the funds would primarily support small and medium-sized enterprises (SMEs). Alongside the financial commitment, Jarvis urged major organizations to sign a new Cyber Resilience Pledge, set to launch this summer.

Why This UK Cybersecurity Funding Matters for SMEs

SMEs often lack the resources to defend against sophisticated cyberattacks. This £90m package aims to help them adopt the Cyber Essentials standard, a government-backed certification that protects against common threats. According to NCSC data, quarterly certifications surpassed 10,000 for the first time last summer. Jonathan Ellison, NCSC Director for National Resilience, noted that uptake grew by 20% in the last financial year—the program’s best performance yet. However, he acknowledged that more work is needed to reach smaller businesses.

This investment is a step in the right direction, but critics argue it’s insufficient. James Neilson, SVP of International at OPSWAT, called the funding “nice on paper” but “nowhere near enough” to address the scale of the problem. He pointed out that many SMEs have no dedicated security teams, making it not just a funding issue but a knowledge gap. Trevor Dearing, director of critical infrastructure at Illumio, echoed this, saying businesses need “practical guidance on how to protect sensitive data and keep critical services running when incidents occur.”

What Is the Cyber Resilience Pledge?

The Cyber Resilience Pledge is a voluntary commitment for large organizations to take three concrete actions: make cybersecurity a board-level responsibility, sign up to the NCSC’s free Early Warning service, and require Cyber Essentials certification across their supply chains. This initiative aims to create a ripple effect, encouraging better practices throughout the ecosystem. However, some experts question whether voluntary pledges will drive real change.

Board-Level Responsibility: A Key Requirement

Making cybersecurity a board-level issue ensures leadership accountability. This aligns with global trends where regulators increasingly hold executives responsible for breaches. By signing the pledge, organizations signal that cyber resilience is a strategic priority, not just an IT concern.

Supply Chain Security Through Cyber Essentials

Requiring Cyber Essentials certification from suppliers helps close vulnerabilities in the supply chain. This is particularly important given that many attacks target smaller vendors to gain access to larger networks. The NCSC’s Early Warning service, meanwhile, provides free threat alerts, helping organizations respond faster to incidents.

Critics Call for Stronger Incentives, Not Just Advice

While the government’s approach is welcomed, industry voices argue it relies too heavily on gentle encouragement. Jonathan Lee, Director of Cyber Strategy at TrendAI, told Infosecurity at CYBERUK: “The government and the NCSC are saying the right things, but we have to move from this position of gently encouraging organizations to providing some incentive.” He suggested exploring tax credits for businesses that invest in resilience, noting that “if we can incentivize people to do that, that would be a good thing.”

Currently, UK businesses developing innovative cybersecurity solutions can claim Research and Development (R&D) tax relief to reduce Corporation Tax or receive cash payments. However, this scheme is limited to tech developers, not the broader SME base that needs support. As James Neilson pointed out, “SMEs either have small security teams or none at all, so it’s not just a funding issue but also a knowledge issue.”

What’s Next for UK Cybersecurity Funding?

The £90m investment and the Resilience Pledge represent a dual strategy: immediate financial aid for SMEs and a long-term cultural shift for larger organizations. Yet, as the debate over incentives continues, the government may need to revisit its approach. For now, businesses should explore Cyber Essentials certification and consider joining the NCSC’s Early Warning service to strengthen their defenses.

In a landscape where cyber threats evolve daily, the UK’s commitment is a positive step—but whether it’s enough remains to be seen. As Jonathan Lee put it, “We’re told it’s a team sport and everyone needs to work together.” The question is whether the government’s playbook will inspire the whole team to act.
