If you use a JetBrains IDE and have installed any AI coding assistant plugin in the past eight months, stop what you're doing and read this. Aikido Security has discovered at least 15 malicious plugins on the JetBrains Marketplace — collectively installed over 70,000 times — that have been quietly stealing AI API keys from developers since October 2025. The plugins targeted OpenAI, DeepSeek, and SiliconFlow API keys, and the campaign was still active as of June 10, 2026. This is one of the largest developer-targeted credential theft campaigns documented to date.
How the Attack Worked — And Why It Was So Hard to Detect
The malicious plugins were published under seven different vendor accounts, each posing as a legitimate AI coding tool. They functioned exactly as advertised: code completion, AI assistance, documentation generation. The theft happened silently in the background. According to BleepingComputer, when a user entered their API key into the plugin's settings and clicked Apply, the plugin's save() method performed two actions at once: it stored the key locally (so the plugin kept working normally) AND silently transmitted the key to the attacker's server. No prompt, no consent screen, no error message, no UI indication whatsoever.
The two most downloaded malicious plugins were DeepSeek AI Assist (27,727 downloads) and CodeGPT AI Assistant (25,571 downloads). The campaign monetized stolen keys by reselling them as "AI API access" services — customers paying for what were essentially stolen credentials while original key holders continued to be billed. Some victims only discovered their keys had been stolen when they received unexpected API bills in the thousands of dollars.
The Business Model of Stolen API Keys
OpenAI API keys, DeepSeek API keys, and SiliconFlow keys are not just credentials — they're linked to billing accounts. A stolen API key doesn't just expose your data; it exposes your credit card. For a compromised developer the picture is deceptive: before the theft is discovered, AI API usage in the dashboard looks normal. Afterwards you may see unexplained usage spikes or billing anomalies, or — if the attacker was careful — no visible sign at all while your key is quietly resold. According to Hackread, the campaign had collected 70,000+ keys across seven vendor accounts, turning stolen access into a subscription-style revenue operation.
What You Need to Do Right Now — Step by Step
Step 1: Go to your JetBrains installed plugins list immediately. Check for DeepSeek AI Assist, CodeGPT AI Assistant, or any AI-related plugin installed between October 2025 and June 2026. Treat all of them as potentially compromised.
Step 2: Rotate every AI API key you use — OpenAI, DeepSeek, SiliconFlow, Anthropic, Google AI — regardless of whether you used a plugin, because the published list of affected plugins may not be complete.
Step 3: Check the API usage dashboard of each service for the past 6–8 months. If you find unexplained usage, report it to the provider immediately — most have fraud processes for stolen-key incidents.
Step 4: Remove the affected plugins from JetBrains.
As we covered in our piece on enterprise cybersecurity threats in 2026, developer toolchain attacks are increasingly the preferred attack vector because developers have simultaneous privileged access to production systems, secrets, and billing accounts.
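As an added example (not code from Aikido Security, JetBrains, or any of the plugins named above), the following Python script does Step 1 for you and adds the triage that the save() behaviour described earlier calls for: it walks a JetBrains plugins directory, reads each plugin's id, name and vendor from META-INF/plugin.xml inside its jars, records the install time and whether it falls in the October 2025 to June 2026 window, and flags any settings-related class whose constant pool references JVM networking classes. The plugins-directory layout, the window bounds, the class-name pattern, the network class list and the demo plugin it builds when run without arguments are all assumptions of this example; a flag means "review this plugin by hand", not proof of exfiltration.

```python
"""Inventory installed JetBrains plugins and triage their settings classes for network calls.

Added example for this article; not Aikido's, JetBrains' or any plugin's code.
Assumptions: the on-disk layout <plugins_dir>/<PluginName>/lib/*.jar with
META-INF/plugin.xml inside one of the jars, and that settings code which references
JVM networking classes deserves a manual look (a heuristic, not proof of theft).
"""
import os
import re
import sys
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from datetime import datetime, timezone
from pathlib import Path

# Campaign window reported in the article (bounds are our own rounding of Oct 2025 .. Jun 2026).
WINDOW_START = datetime(2025, 10, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 6, 30, tzinfo=timezone.utc)

# JVM class names that appear verbatim in a .class constant pool when the code uses them.
NETWORK_MARKERS = [b"java/net/HttpURLConnection", b"java/net/http/HttpClient",
                   b"java/net/Socket", b"okhttp3/"]
# Class names that suggest code run when the user presses Apply in a settings panel.
SETTINGS_HINT = re.compile(r"Settings|Configurable|Config", re.IGNORECASE)


def parse_plugin_xml(xml_bytes):
    """Pull id, name and vendor out of META-INF/plugin.xml."""
    root = ET.fromstring(xml_bytes)
    vendor = root.find("vendor")
    return {
        "id": (root.findtext("id") or "").strip(),
        "name": (root.findtext("name") or "").strip(),
        "vendor": (vendor.text or "").strip() if vendor is not None else "",
        "vendor_url": vendor.get("url", "") if vendor is not None else "",
    }


def triage_jar(jar_path):
    """Return (plugin metadata or None, [(class entry, [network markers found])])."""
    info, flagged = None, []
    with zipfile.ZipFile(jar_path) as zf:
        for entry in zf.namelist():
            if entry == "META-INF/plugin.xml":
                info = parse_plugin_xml(zf.read(entry))
            elif entry.endswith(".class") and SETTINGS_HINT.search(entry):
                data = zf.read(entry)
                hits = [m.decode() for m in NETWORK_MARKERS if m in data]
                if hits:
                    flagged.append((entry, hits))
    return info, flagged


def inventory(plugins_dir):
    """One record per installed plugin: metadata, install date, window check, triage findings."""
    records = []
    for plugin_dir in sorted(Path(plugins_dir).iterdir()):
        if not plugin_dir.is_dir():
            continue
        installed = datetime.fromtimestamp(plugin_dir.stat().st_mtime, tz=timezone.utc)
        record = {"dir": plugin_dir.name, "id": "", "name": "", "vendor": "", "vendor_url": "",
                  "installed": installed.date().isoformat(),
                  "in_window": WINDOW_START <= installed <= WINDOW_END,
                  "network_in_settings": []}
        for jar in sorted(plugin_dir.glob("lib/*.jar")):
            info, flagged = triage_jar(jar)
            if info:
                record.update(info)
            record["network_in_settings"].extend(flagged)
        records.append(record)
    return records


def build_demo_plugins_dir():
    """Constructed sample: a throwaway plugins directory holding one synthetic plugin."""
    root = Path(tempfile.mkdtemp())
    plugin_dir = root / "Demo AI Assist"
    lib = plugin_dir / "lib"
    lib.mkdir(parents=True)
    plugin_xml = (b'<idea-plugin><id>com.example.demo.ai</id><name>Demo AI Assist</name>'
                  b'<vendor url="https://vendor.invalid">Example Vendor</vendor></idea-plugin>')
    magic = b"\xca\xfe\xba\xbe"  # class-file magic; only the constant-pool strings matter here
    with zipfile.ZipFile(lib / "demo.jar", "w") as zf:
        zf.writestr("META-INF/plugin.xml", plugin_xml)
        # A settings class that references an HTTP client: this is what the heuristic flags.
        zf.writestr("com/example/demo/AiSettingsConfigurable.class",
                    magic + b"java/net/HttpURLConnection")
        # Completion code legitimately talks to the model API; not settings code, so not flagged.
        zf.writestr("com/example/demo/Completion.class", magic + b"java/net/http/HttpClient")
    # Pretend the plugin was installed inside the campaign window.
    ts = datetime(2026, 1, 15, tzinfo=timezone.utc).timestamp()
    os.utime(plugin_dir, (ts, ts))
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_plugins_dir()
    for r in inventory(target):
        print(f"{r['name'] or r['dir']:<30} {r['vendor']:<20} installed {r['installed']} "
              f"{'IN-WINDOW' if r['in_window'] else ''}")
        for entry, hits in r["network_in_settings"]:
            print(f"   review: {entry} references {', '.join(hits)}")
```

Point it at the IDE's plugins directory (its location differs per operating system and IDE product) and treat every IN-WINDOW line as a candidate for Step 2's key rotation; the "review" lines tell you which classes to open in a decompiler before deciding whether the plugin stays.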
Why Developer Toolchains Are the New Attack Surface
Enterprise perimeter security has gotten very good. Phishing has gotten harder as MFA adoption rises. So sophisticated attackers have pivoted to the developer toolchain — the IDEs, plugins, package managers, and CI/CD tools developers trust implicitly. The JetBrains Marketplace, like the VS Code Extension Marketplace and the Chrome Web Store, operates on a publish-first, audit-later model. For US enterprises running JetBrains IDEs in Java, Kotlin, and Android shops, this is a supply chain security incident requiring an immediate org-level response, not just individual action. As we covered in our analysis of AI security vulnerabilities and developer tools in 2026, this attack pattern is likely to be replicated in other developer marketplaces.
What This Means for You
For individual developers: Rotate all API keys today — no exceptions. This takes 20 minutes and eliminates the risk entirely.
For engineering managers: Issue an all-hands immediately, share the Aikido Security disclosure, and mandate API key rotation across the team.
For CISOs: Add JetBrains plugin approval to your security toolchain policy — no AI plugin should be installed without IT security review.
For startup founders: If your engineering team uses JetBrains, your OpenAI or DeepSeek API keys may be compromised. Check your billing dashboards now.
Frequently Asked Questions (FAQs)
Q: Which JetBrains plugins were stealing AI API keys?
A: The two most downloaded malicious plugins were DeepSeek AI Assist (27,727 downloads) and CodeGPT AI Assistant (25,571 downloads). In total, 15 plugins across seven vendor accounts were identified with a combined 70,000+ installs. Check the Aikido Security blog for the complete list.
Q: If I installed a compromised plugin, what happens to my API keys?
A: The moment you entered your AI API key into the plugin settings and clicked Apply, it was transmitted to the attacker's server. Assume the key is compromised and rotate it immediately. Also check your API usage dashboards for billing anomalies over the past 8 months.
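Step 3 above and this answer both say to look for billing anomalies over the past months. As an added example (not any provider's tooling), here is a small detector that does that over an exported daily usage table. The CSV columns date,key_name,cost_usd and the sample data are constructed assumptions of this example; the method is a trailing 30-day median/MAD comparison, so a resold key's sudden spend is flagged while a developer's ordinary busy day is not.

```python
"""Flag billing anomalies in exported AI API usage data.

Added example for this article, not a provider's tooling. The CSV layout
(date,key_name,cost_usd) is a constructed assumption: export or paste your provider's
daily usage into that shape. The detector is a trailing-window robust z-score, so a
resold key's sudden spend stands out against a developer's normal rhythm.
"""
import csv
import io
import statistics
from datetime import date, timedelta


def robust_anomalies(series, window=30, threshold=6.0, min_abs=5.0):
    """series: chronologically sorted [(day, cost)]. A day is flagged when its cost exceeds
    the trailing-window median by more than `threshold` scaled MADs *and* by at least
    `min_abs` dollars, so a near-zero baseline does not flag every cent. Returns flagged days."""
    flagged = []
    for i, (day, cost) in enumerate(series):
        hist = [c for _, c in series[max(0, i - window):i]]
        if len(hist) < 7:          # need some baseline before judging a day
            continue
        med = statistics.median(hist)
        mad = statistics.median([abs(c - med) for c in hist]) * 1.4826  # MAD scaled to sigma
        mad = mad or 0.01          # a constant history would otherwise give a zero scale
        excess = cost - med
        if excess > threshold * mad and excess > min_abs:
            flagged.append(day)
    return flagged


def anomalies_by_key(csv_text):
    """Group the export by key name and run the detector on each key's daily series."""
    by_key = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_key.setdefault(row["key_name"], []).append(
            (date.fromisoformat(row["date"]), float(row["cost_usd"])))
    return {key: robust_anomalies(sorted(rows)) for key, rows in by_key.items()}


def build_sample_csv():
    """Constructed sample: 75 days of one IDE key with a weekday/weekend rhythm, a mild bump
    on day 40, and two large spikes on days 60 and 61; plus a steady CI key with no spikes."""
    start = date(2026, 3, 1)
    weekly = [2.0, 2.5, 3.0, 3.5, 2.2, 0.5, 0.5]
    lines = ["date,key_name,cost_usd"]
    for i in range(75):
        d = (start + timedelta(days=i)).isoformat()
        cost = weekly[i % 7]
        if i == 40:
            cost = 5.0      # a busy day, still within normal variation
        elif i == 60:
            cost = 90.0     # the key starts being hammered by someone else
        elif i == 61:
            cost = 120.0
        lines.append(f"{d},openai-ide-key,{cost:.2f}")
        lines.append(f"{d},deepseek-ci-key,1.00")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, days in anomalies_by_key(build_sample_csv()).items():
        print(key, "->", [d.isoformat() for d in days] or "no anomalies")
```

The two guards matter in practice: the MAD term keeps a genuinely busy day (5 dollars against a 2.35-dollar median) from paging you, and the min_abs floor keeps a key that normally costs cents from flagging every small fluctuation. Any day that is flagged is the one to raise with the provider's fraud process.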
Q: How do I rotate my OpenAI API key?
A: Go to platform.openai.com → API Keys → delete the compromised key and create a new one. Update the new key anywhere it's used (environment variables, CI/CD secrets, .env files). Repeat for every other AI API provider you use.
Q: Can Indian developers working with JetBrains IDEs be affected?
A: Yes, absolutely. The attack is not geography-specific — any developer worldwide who installed the affected plugins and entered API keys is potentially compromised. Indian developers at IT firms and startups using JetBrains for Java or Kotlin development should rotate their API keys immediately.
Q: How can I avoid this kind of attack in the future?
A: Only install plugins from developers with verifiable identity and long publication history. Prefer plugins with open-source repositories. Never enter API keys into a plugin's settings UI — use environment variables or secrets managers so the key is never handled by the plugin directly.
70,000 installs over eight months. The JetBrains malicious plugin campaign is a wake-up call: your IDE is now an attack surface, and the plugins you trust most are the ones attackers target first. Rotate your keys today.