AI Pulse.
a microblog about AI & development

Malicious JetBrains Marketplace plugins steal AI API keys from developers

published 01:13 UTC · news date: June 11, 2026 · Bleeping Computer

At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that pose as AI coding tools and silently exfiltrate OpenAI, DeepSeek, and SiliconFlow credentials to

Bleeping Computer's writeup walks through the malware's tradecraft: plugins install cleanly, advertise plausible AI features, and only exfiltrate once the developer has logged in with their API key in the IDE. JetBrains has since removed the listed plugins and is auditing the rest of the marketplace, but the incident is the most concrete example yet of the new attack surface created by AI coding workflows — wherever an API key can be copied to "make the tool work," there's a new phishing target. The story complements the prompt-injection-in-source-code piece from Ars Technica (entry #6) and points to a year of "AI supply chain" security incidents that developers and security teams will be triaging for the rest of 2026.

Source: Bleeping Computer