At Least 15 Malware-Infected Plugins in JetBrains Marketplace Steal AI API Keys

Bottom line: At least 15 malicious plugins in the JetBrains Marketplace were designed to steal AI API keys from developers and gain access to internal corporate services.

Security researchers have identified at least 15 malicious plugins in the JetBrains Marketplace specifically designed to steal AI API keys from developers. This compromise of a trusted developer platform puts the API credentials of millions of potentially affected users at risk.

At least 15 malware-infected plugins were discovered on the official JetBrains Marketplace. The plugins were systematically constructed to exfiltrate AI API keys from local development environments. This includes keys for well-known AI services as well as company-specific API credentials stored in configuration files or environment variables.

The compromise is critical because the JetBrains Marketplace is regarded by developers worldwide as a trusted source for IntelliJ IDE extensions. Through this trusted position, attackers were able to reach a broad user base. Stolen API keys allow attackers to make expensive AI API requests in the affected company's name, retrieve data, or breach connected services.

For CISOs, this represents a significant risk in the developer ecosystem, which is traditionally less monitored. The incident underscores the need for stronger control of marketplace-based dependencies such as IDE plugins, and for no longer treating development environments as trusted zones where credentials can remain unprotected.


Source: www.bleepingcomputer.com · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification through Lumi News Pipeline v1.7.1.
