15 JetBrains Marketplace plugins were quietly stealing developers' AI API keys (~70,000 installs)
Description
Aikido Security discovered 15 malicious plugins on the JetBrains Marketplace that steal developers' AI API keys for OpenAI, DeepSeek, and SiliconFlow. These plugins, collectively installed around 70,000 times, exfiltrate API keys in plaintext over HTTP to an attacker-controlled server. The stolen keys are then resold to paying customers, creating a self-funding illicit cloud compute business. The campaign has been active since October 2025 and continued releasing updates as recently as June 2026. Manual code review by JetBrains failed to detect this coordinated supply-chain attack. Developers who entered API keys into these plugins should assume compromise and rotate their keys immediately. The full removal status of these plugins from the marketplace is not confirmed.
Reddit Discussion
Aikido Security found 15 plugins on the JetBrains Marketplace posing as coding assistants and Git tools powered by OpenAI, DeepSeek, and SiliconFlow.
They work as advertised, but any AI API key you put in the plugin settings gets sent back to the attacker. Installs total close to 70,000; the two biggest are DeepSeek AI Assist (27,727) and CodeGPT AI Assistant (25,571).
Aikido calls it a resale scheme: keys lifted from free users get handed to paying customers, monetizing both ends. The plugins started in October 2025 and kept appearing as recently as June 10. BleepingComputer pulled the latest DeepSeek AI Assist build and confirmed the theft code is still in it.
If you've entered an API key into a JetBrains AI plugin, assume it's exposed and rotate it.
Source: https://aiweekly.co/alerts/aikido-uncovers-15-jetbrains-plugins-stealing-ai-api-keys
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Since October 2025, a coordinated malware campaign involving 15 JetBrains Marketplace plugins has been stealing AI API keys from developers. These plugins masquerade as legitimate AI coding assistants and Git tools but silently exfiltrate API keys for OpenAI, DeepSeek, and SiliconFlow to a hardcoded attacker IP address via plaintext HTTP. The attackers monetize the stolen keys by redistributing them to paying plugin subscribers, effectively creating a resale service that funds itself. The plugins are published under seven vendor accounts, indicating a coordinated infrastructure. Despite JetBrains' manual code review process, these supply-chain attacks remained undetected for eight months. The campaign highlights the JetBrains plugin ecosystem as a confirmed attack surface for AI credential theft. The latest plugin versions with theft code were confirmed as recently as June 10, 2026. The full removal timeline and vendor response remain unclear.
Potential Impact
Developers who installed any of the 15 malicious plugins risk having their AI API keys exposed and misused. Stolen keys can lead to unauthorized usage charges on OpenAI, DeepSeek, and SiliconFlow accounts. The resale model amplifies exposure by distributing stolen credentials to paying customers, increasing the scale of unauthorized access. The campaign compromises developer trust in JetBrains Marketplace plugins and demonstrates a significant supply-chain risk in developer tooling. The ongoing operation of these plugins as of June 2026 suggests continued risk until removal and key rotation occur.
Mitigation Recommendations
No official vendor advisory or patch status is provided in the source. Users who have entered AI API keys into any JetBrains AI-related plugins, especially CodeGPT AI Assistant and DeepSeek AI Assist, should immediately assume their keys are compromised and rotate them. Review the plugins installed from the JetBrains Marketplace and remove any that are suspicious or untrusted. Monitor official JetBrains communications for plugin removal updates and consider restricting plugin installations to trusted sources. Since the plugins exfiltrate keys over plaintext HTTP, network monitoring for suspicious outbound traffic to the attacker IP (39.107.60.51) may help detect compromise. Patch status is not yet confirmed; check JetBrains advisories for current remediation guidance.
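The network-monitoring recommendation above can be turned into a simple egress-log sweep. The following is an added example written for this page, not code from Aikido, JetBrains or the report: it takes the one indicator the report gives (the attacker IP 39.107.60.51) and combines it with two generic heuristics for the described behaviour, plaintext HTTP (port 80) to a bare IP literal, and an API-key-shaped token in a URL. The log format, the sample lines (RFC 5737 test addresses, constructed keys) and the `sk-` key-shape regex are all assumptions made here, not facts from the report; adapt the parser to your proxy or Zeek output and the regex to the providers you actually use.

```python
"""Flag egress log lines that fit the exfiltration pattern described above.

Added example, not code from the report. The attacker IP comes from the page;
the log format, the sample lines and the key-shape regex are constructed here.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Indicator taken from the report (the only non-constructed value in this file).
ATTACKER_IPS = {"39.107.60.51"}

# Assumption: provider API keys look like "sk-" followed by a long token
# (OpenAI-style). This is a heuristic, not a provider specification.
KEY_SHAPE = re.compile(r"sk-[A-Za-z0-9_-]{20,}")

# Constructed egress log, one request per line:
# ts src dst dport method host uri   (space separated; uri is "-" for CONNECT)
SAMPLE_LOG = """\
2026-06-10T09:14:02Z 10.0.4.23 192.0.2.10 443 CONNECT github.com -
2026-06-10T09:14:05Z 10.0.4.23 39.107.60.51 80 GET 39.107.60.51 /api/upload?key=sk-CONSTRUCTEDKEY0123456789abcdef&provider=openai
2026-06-10T09:15:11Z 10.0.4.23 192.0.2.20 443 CONNECT api.openai.com -
2026-06-10T09:16:40Z 10.0.4.23 203.0.113.9 80 POST 203.0.113.9 /collect?token=sk-ANOTHERCONSTRUCTEDKEY9876543210
2026-06-10T09:17:00Z 10.0.4.23 198.51.100.7 80 GET cdn.example.test /favicon.ico
"""


@dataclass
class Finding:
    line_no: int
    dst: str
    host: str
    reasons: list[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A hit on the published indicator outranks the behavioural heuristics.
        if "attacker_ip" in self.reasons:
            return "critical"
        if "key_in_plaintext_http" in self.reasons:
            return "high"
        return "low"


def is_ip_literal(host: str) -> bool:
    """True when the Host header is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse_line(line_no: int, line: str) -> Finding | None:
    """Apply the indicator match and the two heuristics to one log line."""
    parts = line.split(maxsplit=6)
    if len(parts) != 7:
        return None  # skip malformed lines instead of aborting the sweep
    _ts, _src, dst, dport, _method, host, uri = parts
    reasons: list[str] = []
    if dst in ATTACKER_IPS:
        reasons.append("attacker_ip")
    if dport == "80":  # plaintext HTTP is the channel the report describes
        if KEY_SHAPE.search(uri):
            reasons.append("key_in_plaintext_http")
        if is_ip_literal(host):
            reasons.append("plaintext_http_to_ip_literal")
    return Finding(line_no, dst, host, reasons) if reasons else None


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        finding = analyse_line(n, line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.severity:8s} dst={f.dst} host={f.host} "
              f"reasons={','.join(f.reasons)}")
```

Run against the constructed sample, the sweep reports two lines: the request to the report's IP (critical, all three reasons) and a second plaintext POST of a key-shaped token to an unrelated IP literal (high). The second hit is the useful part of the heuristic: once the published IP is rotated by the operators, only the behavioural rules keep firing, so treat any key-shaped token leaving over port 80 as a rotation trigger regardless of destination.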
Technical Details
- Source Type: Subreddit
- Subreddit: cybersecurity
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a32a86b0b89be6888633f10
Added to database: 6/17/2026, 2:00:11 PM
Last enriched: 6/17/2026, 2:00:21 PM
Last updated: 6/17/2026, 5:30:05 PM
Views: 28