The gist: At least 15 JetBrains plug-ins exfiltrate API keys for OpenAI, DeepSeek and other AI services to external servers.
At least 15 plug-ins from the JetBrains Marketplace transmit developers' API keys to external servers while performing their documented functions. This puts production environments across development teams at risk.
Security researchers have identified a campaign in the JetBrains Marketplace aimed at exfiltrating API keys. The affected plug-ins do implement their documented functions, but at the same time they send the API keys configured in the IDE to external servers. Because the plug-ins work as advertised, the malicious behaviour survives superficial code review and marketplace moderation.
The plug-ins target developers who want to integrate AI services such as OpenAI or DeepSeek into their development workflows. Anyone who has installed one of these plug-ins must assume that their API keys are compromised. Such keys grant direct access to paid resources and can be abused at volume, both for queries billed to the victim and as a channel for moving data out through the APIs themselves.
For CTOs, this means the JetBrains Marketplace should not be treated as a trustworthy source. What is needed are central policies for plug-in approval, regular audits of installed extensions, and strict secret management with rotation of all potentially exposed keys. DeepSeek and OpenAI keys should be regenerated immediately if any of the affected plug-ins were in use by the team.
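A starting point for the plug-in approval policy and the audit of installed extensions recommended above, as an added example that is not code from the heise article, the researchers or JetBrains. It assumes the standard on-disk layout of a JetBrains plug-in directory (one sub-directory per plug-in whose lib/*.jar contains META-INF/plugin.xml with id, name, vendor and version elements, or a bare plug-in jar directly in the directory); the allowlist and the two sample plug-ins are constructed for the demonstration.

```python
"""Inventory the plug-ins installed in a JetBrains IDE and flag any that are
not on an approval list.

Added example, not code from the heise article, the researchers or JetBrains.
Assumption: the standard on-disk layout of a JetBrains plug-in directory, i.e.
one sub-directory per plug-in whose lib/*.jar holds META-INF/plugin.xml with
<id>, <name>, <vendor> and <version> elements (or, for older installs, a bare
plug-in .jar directly in the plug-ins directory). The allowlist and the two
sample plug-ins below are constructed for this demonstration.
"""
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

DESCRIPTOR = "META-INF/plugin.xml"


@dataclass(frozen=True)
class PluginInfo:
    plugin_id: str
    name: str
    vendor: str
    version: str
    location: str


def _read_descriptor(jar: Path) -> Optional[PluginInfo]:
    """Return the plug-in descriptor found in a jar, or None if it has none."""
    with zipfile.ZipFile(jar) as zf:
        if DESCRIPTOR not in zf.namelist():
            return None
        root = ET.fromstring(zf.read(DESCRIPTOR))

    def field(tag: str) -> str:
        element = root.find(tag)
        return (element.text or "").strip() if element is not None else ""

    return PluginInfo(field("id"), field("name"), field("vendor"),
                      field("version"), str(jar))


def inventory(plugins_dir) -> list:
    """List every installed plug-in that carries a descriptor, sorted by path."""
    found = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        # Either a bare plug-in jar or a directory with lib/*.jar inside.
        jars = [entry] if entry.suffix == ".jar" else sorted((entry / "lib").glob("*.jar"))
        for jar in jars:
            info = _read_descriptor(jar)
            if info is not None:
                found.append(info)
                break  # one descriptor per plug-in is enough
    return found


def audit(plugins_dir, allowlist: dict) -> dict:
    """Split installed plug-ins into approved and unapproved.

    allowlist maps an approved plug-in id to the vendor it is expected to come
    from; an approved id shipped under another vendor is treated as unapproved.
    """
    result = {"approved": [], "unapproved": []}
    for info in inventory(plugins_dir):
        if allowlist.get(info.plugin_id) == info.vendor:
            result["approved"].append(info)
        else:
            result["unapproved"].append(info)
    return result


def build_sample_plugins_dir() -> str:
    """Create a temporary plug-ins directory with two constructed plug-ins."""
    root = Path(tempfile.mkdtemp(prefix="jb-plugins-"))
    samples = {  # folder name -> (id, name, vendor, version); all constructed
        "ApprovedFormatter": ("com.example.formatter", "Approved Formatter", "Example Corp", "1.2.0"),
        "AiHelperX": ("com.example.aihelper", "AI Helper X", "Unknown Vendor", "0.9.1"),
    }
    for folder, (pid, name, vendor, version) in samples.items():
        lib = root / folder / "lib"
        lib.mkdir(parents=True)
        xml = (f"<idea-plugin><id>{pid}</id><name>{name}</name>"
               f"<vendor>{vendor}</vendor><version>{version}</version></idea-plugin>")
        with zipfile.ZipFile(lib / f"{folder}.jar", "w") as zf:
            zf.writestr(DESCRIPTOR, xml)
    return str(root)


if __name__ == "__main__":
    # Constructed allowlist: only the formatter plug-in is approved.
    approved_plugins = {"com.example.formatter": "Example Corp"}
    report = audit(build_sample_plugins_dir(), approved_plugins)
    for info in report["unapproved"]:
        print(f"UNAPPROVED {info.plugin_id} ({info.vendor}) at {info.location}")
```

To run this against a real installation, point `audit` at the IDE's plug-in directory (typically `~/.local/share/JetBrains/<Product><Version>` on Linux, `~/Library/Application Support/JetBrains/<Product><Version>/plugins` on macOS and `%APPDATA%\JetBrains\<Product><Version>\plugins` on Windows) and feed it the team's approved list. The script only enforces the allowlist; it does not inspect what a plug-in does, so an unapproved hit still has to be reviewed, and the key rotation recommended above is unaffected by whether the audit finds anything.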
Source: www.heise.de · Published 17 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.