AI evaluation platform Braintrust is urging customers to rotate their API keys after hackers breached an internal AWS account on May 4th, potentially exposing credentials used to access AI models from companies like OpenAI and Anthropic. While only one customer has confirmed impact so far, security experts warn the real risk extends to downstream organizations including Box, Cloudflare, Dropbox, and Stripe, whose AI provider credentials may have been stored in Braintrust's system. The incident highlights a new supply chain vulnerability where AI observability tools become credential warehouses and prime targets for attackers.