Multiple JetBrains IDE plugins caught stealing AI keys
A clever corporate espionage campaign has been discovered operating directly inside developer environments. A coordinated cluster of at least 15 distinct JetBrains IDE plugins, spread across seven seemingly separate vendor accounts, was found to be malicious. The extensions are purpose-built to locate, extract, and exfiltrate highly sensitive AI provider API keys (such as OpenAI, Anthropic, and cloud provider tokens) that engineers paste into their IDE configurations or environment settings. This allows the attackers to hijack expensive corporate AI infrastructure and potentially access proprietary data processed by those AI models.Organizations must enforce strict endpoint application policies to block the installation of unverified, third-party IDE extensions across the entire engineering fleet. Security teams must perform an inventory of all active JetBrains plugins, immediately uninstall the identified malicious entities, and enforce a blanket revocation and rotation of all enterprise AI platform API tokens.If you need expert assistance in identifying compromised packages, securing your CI/CD pipelines, or conducting an emergency supply chain audit, contact Cyberlinx today to protect your development environment.
Related Articles





