Security firm Aikido Security has found malicious plug-ins in the JetBrains Marketplace that intercept API keys for AI services. According to the researchers, at least fifteen extensions are affected, which have been installed almost 70,000 times in total.
The plug-ins presented themselves as AI assistants for developers. They offered features such as chat, code review, commit message generation, bug detection, and unit test generation. Although the extensions did what they promised, they secretly sent the API keys users entered to an external server in the background.
According to Aikido Security, the extensions used nearly identical code. They appeared under different names and vendor accounts but contained the same hidden functionality. The first variants surfaced in late October 2025. New versions continued to be published as recently as June 2026, with the most recent one appearing on June 10.
To use the AI features, users had to enter an API key from providers such as OpenAI, DeepSeek, or SiliconFlow. Once this key was saved, the plugin automatically forwarded it to a server controlled by the attackers.
The researchers found a hard-coded IP address in the software. The data was sent over an unencrypted HTTP connection to a server that had no connection to the aforementioned AI providers. Plaintext HTTP also means the key was readable by anyone on the network path, not only by the server's operators.
Users were unaware of this activity. No warning or other notification indicated that sensitive data was being transmitted.
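The exfiltration described above has a recognisable shape on the wire: an IDE process sending an AI provider key over plaintext HTTP to a bare IP address that is not the provider. The following detection is an added example, not code from Aikido Security, BleepingComputer or JetBrains. It assumes an egress proxy or endpoint sensor that writes one JSON object per HTTP request with the originating process name, URL, headers and body (the field names, the IDE process list, the key pattern and the provider allowlist are all assumptions), and runs over constructed sample records.

```python
"""Detect API-key-bearing requests leaving a JetBrains IDE for the wrong place.

Added example for this article; it is not code from Aikido Security,
BleepingComputer or JetBrains. It assumes an egress proxy or endpoint sensor
that writes one JSON object per HTTP request with the originating process
name, the URL, the request headers and the body (these field names are
assumptions). The sample records below are constructed for the demo.
"""
from __future__ import annotations

import ipaddress
import json
import re
from urllib.parse import urlsplit

# OpenAI-style "sk-" key prefix, also used by DeepSeek and SiliconFlow keys
# (assumed broad enough for detection; tune to the providers you use).
AI_KEY = re.compile(r"\bsk-[A-Za-z0-9_\-]{16,}")

# Process names of JetBrains IDEs on a typical workstation (assumed list).
IDE_PROCESSES = {"idea", "idea64", "pycharm", "pycharm64", "webstorm", "goland",
                 "clion", "rider", "phpstorm", "rubymine", "datagrip"}

# Endpoints that may legitimately receive a key for these providers (assumed allowlist).
KNOWN_AI_HOSTS = {"api.openai.com", "api.deepseek.com", "api.siliconflow.cn"}

# Constructed sensor output: 203.0.113.10 is a documentation address standing in
# for the attackers' hard-coded server; every key below is fake.
SAMPLE_LOG_LINES = [json.dumps(r) for r in [
    {"ts": "2026-06-10T09:12:01Z", "proc": "idea64", "method": "POST",
     "url": "https://api.openai.com/v1/chat/completions",
     "headers": {"Authorization": "Bearer sk-aaaaaaaaaaaaaaaaaaaa1111"},
     "body": '{"model":"gpt-4o","messages":[]}'},
    {"ts": "2026-06-10T09:12:02Z", "proc": "idea64", "method": "POST",
     "url": "http://203.0.113.10/collect",
     "headers": {"Content-Type": "application/json"},
     "body": '{"provider":"openai","key":"sk-aaaaaaaaaaaaaaaaaaaa1111"}'},
    {"ts": "2026-06-10T09:15:44Z", "proc": "pycharm64", "method": "POST",
     "url": "https://api.deepseek.com/chat/completions",
     "headers": {"Authorization": "Bearer sk-bbbbbbbbbbbbbbbbbbbb2222"},
     "body": "{}"},
    {"ts": "2026-06-10T09:16:10Z", "proc": "chrome", "method": "POST",
     "url": "http://203.0.113.10/collect",
     "headers": {}, "body": '{"key":"sk-cccccccccccccccccccc3333"}'},
    {"ts": "2026-06-10T09:20:05Z", "proc": "goland", "method": "POST",
     "url": "https://updates.example.net/v1/activate",
     "headers": {"Content-Type": "application/json"},
     "body": '{"licence":"...","key":"sk-dddddddddddddddddddd4444"}'},
]]


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse(record: dict) -> dict | None:
    """Return an alert for one request record, or None if it looks benign."""
    if str(record.get("proc", "")).lower() not in IDE_PROCESSES:
        return None  # scoped to IDE processes; browsers are another detection's job
    in_flight = json.dumps(record.get("headers", {})) + str(record.get("body", ""))
    if not AI_KEY.search(in_flight):
        return None  # no key in the request, nothing to protect here
    parts = urlsplit(str(record.get("url", "")))
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme == "http":
        reasons.append("plaintext-http")    # key readable by anyone on the path
    if _is_ip_literal(host):
        reasons.append("ip-literal-host")   # hard-coded server, no DNS name
    if host not in KNOWN_AI_HOSTS:
        reasons.append("unknown-host")      # key going somewhere the provider is not
    if not reasons:
        return None
    return {"ts": record.get("ts"), "proc": record["proc"],
            "url": record.get("url"), "reasons": reasons}


def detect(lines) -> list[dict]:
    """Run analyse() over JSON lines, skipping malformed ones instead of crashing."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = analyse(record)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG_LINES):
        print(a["ts"], a["proc"], a["url"], ",".join(a["reasons"]))
```

On the sample, only the second record (plaintext HTTP to a bare IP) and the fifth (HTTPS to a host that is not a known provider) raise alerts; the legitimate provider calls pass, and the browser request is out of scope for this rule. The "unknown-host" reason is the one that would still fire if the operators had moved to a domain name behind TLS.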
Suspicious revenue model
Aikido Security also discovered a paid version. Users could obtain access to AI functionality for a fee. After payment, the plug-in received an API key from the same external server and then used that key for AI requests.
According to the researchers, this is a remarkable setup. They suspect that the operators may have reused or resold stolen API keys. In that scenario, unsuspecting users supply their own keys, while paying customers obtain access to those same accounts.
Aikido's findings were confirmed by an independent analysis by BleepingComputer. That publication examined the latest version of the DeepSeek AI Help plugin and found the same functionality for intercepting API keys.
Notably, according to BleepingComputer, the plug-in in question was still available through the JetBrains Marketplace at the time of publication.
Developers are an attractive target
The researchers place the campaign within a broader trend of supply chain attacks targeting developers. IDEs often hold source code, cloud credentials, certificates, and other sensitive data. In recent years, API keys for AI services, which represent direct monetary value, have been added to this list.
Malicious plug-ins are particularly well-positioned in this regard. They run inside a trusted development environment and often gain extensive access to files and settings.
Although JetBrains employs a manual review process for new plug-ins, according to Aikido Security, this campaign demonstrates that hidden malicious functionality can still slip through the checks.
Aikido advises developers to critically review installed AI plugins and immediately replace API keys if any of the affected extensions were in use. Replacing the key in the IDE alone is not enough: the old key has to be revoked at the provider, since a copy already sits on the attackers' server.
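One concrete way to do that review is to look inside the plugin archives themselves for the two indicators the researchers named, a hard-coded IP address and a plaintext http:// endpoint. The scanner below is an added example, not Aikido Security's or JetBrains' tooling. It assumes the usual plugin layout (a Marketplace .zip or an installed plugin directory containing lib/*.jar) and demonstrates on a constructed fake plugin; the class file bytes and the 203.0.113.10 address are made up for the demo.

```python
"""Audit JetBrains plugin archives for hard-coded IP literals and http:// URLs.

Added example for this article; not Aikido Security's or JetBrains' tooling.
Assumes the usual layout: a Marketplace .zip (or installed plugin directory)
holding lib/*.jar, each jar a zip of .class files and resources. Strings are
pulled from every entry by a printable-run scan, like strings(1), which is
enough to surface endpoints baked into code. Review hits by hand: a dotted
version string such as 1.2.3.4 also parses as an address.
"""
from __future__ import annotations

import io
import ipaddress
import re
import tempfile
import zipfile
from dataclasses import dataclass
from pathlib import Path

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
IPV4_LITERAL = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HTTP_URL = re.compile(r"https?://[^\s\"'<>]+")


@dataclass(frozen=True)
class Finding:
    location: str  # archive!/jar!/entry
    kind: str      # "plaintext-http" or "ip-literal"
    value: str


def _is_remote_ip(text: str) -> bool:
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False  # e.g. an octet above 255
    return not (ip.is_loopback or ip.is_unspecified or ip.is_link_local)


def _scan_blob(blob: bytes, where: str, out: list[Finding]) -> None:
    seen = set()
    for m in PRINTABLE_RUN.finditer(blob):
        s = m.group().decode("ascii")
        hits = [("plaintext-http", u) for u in HTTP_URL.findall(s) if u.startswith("http://")]
        hits += [("ip-literal", ip) for ip in IPV4_LITERAL.findall(s) if _is_remote_ip(ip)]
        for kind, value in hits:
            if (kind, value) not in seen:
                seen.add((kind, value))
                out.append(Finding(where, kind, value))


def _scan_zip(zf: zipfile.ZipFile, label: str, out: list[Finding]) -> None:
    for info in zf.infolist():
        if info.is_dir():
            continue
        data = zf.read(info)
        where = f"{label}!/{info.filename}"
        if info.filename.endswith((".jar", ".zip")) and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as inner:  # jar nested in the plugin zip
                _scan_zip(inner, where, out)
        else:
            _scan_blob(data, where, out)


def scan_plugin_archive(path) -> list[Finding]:
    out: list[Finding] = []
    with zipfile.ZipFile(path) as zf:
        _scan_zip(zf, Path(path).name, out)
    return out


def scan_plugin_dir(root) -> list[Finding]:
    """Scan every .zip and .jar below root, e.g. the IDE's plugins directory."""
    out: list[Finding] = []
    for p in sorted(Path(root).rglob("*")):
        if p.suffix in (".zip", ".jar") and zipfile.is_zipfile(p):
            out.extend(scan_plugin_archive(p))
    return out


def build_sample_plugin(dest_dir) -> Path:
    """Construct a fake plugin archive (not a real plugin) with one endpoint baked in."""
    # Class-file magic followed by constant-pool-style strings; 203.0.113.10 is a
    # documentation address standing in for a hard-coded collection server.
    fake_class = (b"\xca\xfe\xba\xbe" + b"\x00" * 8
                  + b"http://203.0.113.10/collect\x00"
                  + b"https://api.openai.com/v1/chat/completions\x00")
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("com/example/assist/KeyStore.class", fake_class)
        j.writestr("META-INF/plugin.xml", "<idea-plugin><id>com.example.assist</id></idea-plugin>")
    archive = Path(dest_dir) / "example-ai-assistant.zip"
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("example-ai-assistant/lib/assist.jar", jar.getvalue())
    return archive


def demo_findings() -> list[Finding]:
    """Scan the constructed sample and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_plugin_archive(build_sample_plugin(tmp))


if __name__ == "__main__":
    import sys
    findings = scan_plugin_dir(sys.argv[1]) if len(sys.argv) > 1 else demo_findings()
    for f in findings:
        print(f"{f.kind:15} {f.value:40} {f.location}")
```

Run it with the IDE's plugins directory as the argument to scan real installs; without an argument it scans the constructed sample and reports the plaintext URL and the IP literal found in the fake class file, while the HTTPS call to the real provider is left alone. A hit is a lead, not a verdict: confirm by decompiling the class and checking what is sent to that endpoint.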