Attackers published at least 15 malicious plugins to the JetBrains Marketplace, disguising them as AI coding assistants powered by DeepSeek and similar models. These plugins silently steal API keys for AI services such as OpenAI, Anthropic, and others from developers’ machines. A related wave of malicious Chrome extensions is also capturing conversations from AI chatbot interfaces, broadening the attack surface.

Security Architect’s Take: Audit all JetBrains plugins installed across your engineering fleet immediately and remove any AI assistant plugins not sourced from a verified, internal allowlist. Enforce secrets scanning in CI/CD pipelines and rotate any AI provider API keys that may have been exposed on developer workstations, treating them as compromised until confirmed otherwise.

Original advisory: Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats