Vulnerability  ·  2026-06-21

JetBrains Marketplace AI Plugin Supply-Chain Campaign Steals Developer API Keys (~70k Installs)

Vulnerability · High impact · Global
On June 16, 2026, Aikido Security reported a coordinated campaign of 15 malicious plugins on the JetBrains Marketplace, active since October 2025. The plugins functioned as advertised (AI coding, commit-message generation, code review, bug finding) while silently exfiltrating any AI provider API key entered in their settings. BleepingComputer independently confirmed the theft code in the DeepSeek AI Assist plugin (ord.cp.code.ai.kit, ~27,727 downloads). JetBrains removed all 15 plugins and disclosed the incident on June 16–17, 2026. The attacker appears to resell stolen keys or use them directly, sometimes providing victims with stolen keys as a 'paid tier' benefit.
IDE plugins have unrestricted access to developer workstations — source code, cloud credentials, signing keys, and now AI API keys. This campaign demonstrates that threat actors are specifically targeting AI developer tooling as a high-value credential source. Stolen AI API keys enable model abuse at the victim's cost, exposure of confidential prompts and code sent to AI providers, and potential pivoting to cloud environments if the same key grants broader permissions.
Plugins masquerade as legitimate AI coding assistants, code-review tools, and Git utilities built on DeepSeek/OpenAI. When a developer pastes an AI provider API key into the plugin's settings panel and clicks Apply, a hidden save() handler immediately exfiltrates the key over unencrypted HTTP (bypassing TLS via a custom X509TrustManager) to a hardcoded attacker-controlled server (39.107.60[.]51). No user interaction beyond normal plugin setup is required.
15 malicious JetBrains Marketplace plugins (IDs including ord.cp.code.ai.kit, com.my.code.tools); all JetBrains IDEs (IntelliJ IDEA, PyCharm, WebStorm, GoLand, etc.)
Remove all 15 affected plugins immediately (see plugin IDs in JetBrains advisory). Rotate all AI provider API keys configured in JetBrains IDEs. Monitor AI provider billing for anomalous usage. Block outbound connections to 39.107.60[.]51. Advisory: https://blog.jetbrains.com/platform/2026/06/marketplace-ecosystem-security-update-malicious-ai-plugins
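The two response steps above that can be automated are the plugin inventory check and the network IoC sweep. The following Python triage helper is an added example written for this note; it is not code from JetBrains, Aikido or any of the cited reports. It parses IntelliJ plugin descriptors (the META-INF/plugin.xml inside each installed plugin, whose <id> element carries the Marketplace plugin ID) against the block list and scans outbound proxy log lines for the hardcoded exfiltration server. Only the two plugin IDs quoted on this page are included; the full list of 15 is in the JetBrains advisory. The descriptor texts and log lines are constructed sample data, and the proxy log format is an assumption.

```python
"""Defender triage helpers for the JetBrains Marketplace malicious AI plugin campaign.

Two checks a responder would run across developer workstations:
1. Match installed plugin descriptors (META-INF/plugin.xml) against known-malicious IDs.
2. Sweep outbound connection logs for the hardcoded exfiltration server.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# Plugin IDs named in the reporting. The JetBrains advisory lists all 15;
# only the two quoted in this write-up are included here.
MALICIOUS_PLUGIN_IDS = {
    "ord.cp.code.ai.kit",   # DeepSeek AI Assist
    "com.my.code.tools",
}

# Exfiltration server, written defanged in advisories as 39.107.60[.]51.
EXFIL_IP_DEFANGED = "39.107.60[.]51"


def refang(indicator: str) -> str:
    """Turn the defanged advisory form (39.107.60[.]51) into a matchable IP string."""
    return indicator.replace("[.]", ".")


def plugin_id_from_descriptor(plugin_xml: str) -> Optional[str]:
    """Return the <id> of an IntelliJ plugin descriptor, or None if it is absent/unparsable."""
    try:
        root = ET.fromstring(plugin_xml)
    except ET.ParseError:
        return None
    node = root.find("id")
    if node is None or not node.text:
        return None
    return node.text.strip()


def find_malicious_plugins(descriptors: Dict[str, str]) -> List[Tuple[str, str]]:
    """descriptors maps a plugin directory or jar name to its plugin.xml text.
    Returns (name, id) for every descriptor whose id is on the block list."""
    hits = []
    for name, xml_text in descriptors.items():
        pid = plugin_id_from_descriptor(xml_text)
        if pid in MALICIOUS_PLUGIN_IDS:
            hits.append((name, pid))
    return hits


# Dotted-quad IPs not glued to other digits or dots, so 139.107.60.51 does not
# produce a false hit on 39.107.60.51.
_IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_exfil_connections(log_lines: List[str]) -> List[str]:
    """Return every log line that records a connection to the exfiltration server.
    The plugin exfiltrated over plain HTTP to a raw IP, so matching the destination
    IP (not a hostname) is the reliable signal."""
    target = refang(EXFIL_IP_DEFANGED)
    return [line for line in log_lines if target in _IP_RE.findall(line)]


# Constructed sample data: descriptors of four installed plugins (one unparsable)
# and four proxy log lines in an assumed "timestamp host METHOD target result" format.
SAMPLE_DESCRIPTORS = {
    "DeepSeek-AI-Assist": "<idea-plugin><id>ord.cp.code.ai.kit</id><name>DeepSeek AI Assist</name></idea-plugin>",
    "my-code-tools": "<idea-plugin><id>com.my.code.tools</id><name>Code Tools</name></idea-plugin>",
    "kotlin": "<idea-plugin><id>org.jetbrains.kotlin</id><name>Kotlin</name></idea-plugin>",
    "broken": "<idea-plugin><id>unterminated",
}

SAMPLE_PROXY_LOG = [
    "2026-06-15T09:12:44Z dev-ws-07 CONNECT api.openai.com:443 allowed",
    "2026-06-15T09:13:02Z dev-ws-07 GET http://39.107.60.51/ 200 bytes_out=312",
    "2026-06-15T09:13:05Z dev-ws-07 GET http://139.107.60.51/x 404",
    "2026-06-15T09:14:10Z dev-ws-07 CONNECT 39.107.60.51:443 denied",
]


def triage(descriptors: Dict[str, str], log_lines: List[str]) -> Dict[str, list]:
    """Run both checks and return the findings in one structure."""
    return {
        "malicious_plugins": find_malicious_plugins(descriptors),
        "exfil_connections": find_exfil_connections(log_lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DESCRIPTORS, SAMPLE_PROXY_LOG).items():
        print(key)
        for item in value:
            print("  ", item)
```

On a real fleet, the descriptors would be read from each IDE's plugins directory (unzipping META-INF/plugin.xml from every plugin jar) and the log lines from the egress proxy or firewall export; any plugin hit means the AI provider keys configured in that IDE should be treated as compromised and rotated, and any network hit dates the exposure window for billing review.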
Sources
JetBrains Platform Blog — Marketplace Ecosystem Security Update
BleepingComputer — Malicious JetBrains Marketplace plugins steal AI API keys
Infosecurity Magazine — Fifteen JetBrains Marketplace Plugins Found Stealing API Keys