Last updated: July 5, 2026 at 9:01 AM UTC
Tag: chrome-extensions (1 article)

Malicious JetBrains plugins steal developers' AI API keys on entry

Aikido Security uncovered a coordinated campaign of at least 15 malicious plugins on the JetBrains Marketplace that pose as AI coding assistants but secretly steal the AI provider API keys developers enter. The plugins offer real features such as chat, code review, and commit message generation, so they work as advertised; however, the moment a user pastes in an OpenAI, DeepSeek, or SiliconFlow key and clicks Apply, the key is silently sent to an attacker-controlled server over plain HTTP, with no prompt. The campaign has run since late October 2025, with new plugins published as recently as June 10, and relies on inflated download counts and fake reviews. Separately, malicious Chrome extensions were found capturing chatbot conversations.

Check
Review which JetBrains IDE plugins and browser extensions developers have installed, especially AI-assistant tools, and check whether any AI provider API keys were entered into third-party plugins rather than official integrations.
Affected
Developers who installed the malicious JetBrains AI-assistant plugins and entered OpenAI, DeepSeek, or SiliconFlow API keys; users of malicious Chrome extensions that harvest chatbot conversations are also exposed.
Fix
Remove untrusted AI plugins and extensions, rotate any AI provider API keys that were entered into them, restrict key permissions and spend limits, and source AI tooling only from vetted, official publishers.