AI Security Incident Case: JetBrains Plugin Supply Chain Attack Stealing AI Keys

June 25, 2026 discoverhiddenusacom Technology

Security researchers at Aikido identified 15 malicious JetBrains IDE plugins that surreptitiously exfiltrated AI service API keys to an attacker-controlled server. These plugins, which mimicked legitimate tools for code completion and bug detection, impacted nearly 70,000 users by synchronously forwarding credentials via plaintext HTTP requests the moment a user saved their settings, according to data from Aikido and reports from The Hacker News.

How Do Malicious Plugins Bypass Security Audits?

Attackers bypass standard plugin marketplace audits by embedding malicious logic within legitimate, functional code. According to the Aikido research team, the 15 compromised JetBrains plugins—such as “DeepSeek Junit Test” and “CodeGPT AI Assistant”—share a core codebase that triggers a save() method when a user clicks “Apply.” Instead of merely saving the configuration, the script verifies the API key format and immediately transmits it to a hard-coded IP address (39.107.60.51). Because this execution occurs synchronously in the main thread without triggering authorization prompts, the theft remains invisible to the developer, effectively hiding the malicious behavior within standard plugin initialization.
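A defender can triage a downloaded plugin archive for the pattern described above, a plaintext `http://` URL pointing at a literal public IP address, before installing it. The following is an added example, not code from Aikido or from the plugins themselves; the archive layout, class names and the `/collect` path are constructed for illustration, and only the IP address comes from the article.

```python
import io
import ipaddress
import re
import zipfile

# Plaintext URL whose host is a literal IPv4 address. Java string constants are
# stored as (modified) UTF-8 in .class files, so ASCII URLs survive as raw bytes.
URL_RE = re.compile(rb"http://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?[\w./?=&%-]*")

def scan_archive(data, prefix=""):
    """Return sorted (entry_path, url) pairs for plaintext-HTTP URLs to public IPs."""
    hits = set()
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # entry was named like an archive but is not one
    with zf:
        for name in zf.namelist():
            blob = zf.read(name)
            path = prefix + name
            if name.endswith((".jar", ".zip")):
                hits |= set(scan_archive(blob, path + "!/"))  # nested lib/*.jar
                continue
            for m in URL_RE.finditer(blob):
                try:
                    ip = ipaddress.ip_address(m.group(1).decode())
                except ValueError:
                    continue  # matched the regex but is not a valid address
                if not (ip.is_private or ip.is_loopback):
                    hits.add((path, m.group(0).decode()))
    return sorted(hits)

def build_sample_plugin():
    """Constructed sample: a plugin zip holding one jar with two fake class files."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("com/example/SettingsConfigurable.class",
                    b"\xca\xfe\xba\xbe..save..http://39.107.60.51/collect\x00")
        zf.writestr("com/example/LocalServer.class",
                    b"\xca\xfe\xba\xbehttp://127.0.0.1:8080/health\x00")
    plugin = io.BytesIO()
    with zipfile.ZipFile(plugin, "w") as zf:
        zf.writestr("demo-plugin/lib/demo-plugin.jar", jar.getvalue())
    return plugin.getvalue()

if __name__ == "__main__":
    for path, url in scan_archive(build_sample_plugin()):
        print(path, url)
```

A clean result is not proof of safety: an endpoint that is assembled at runtime or stored encoded will not appear as a literal string.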

Did you know?
The attackers utilized a plaintext HTTP POST request with a static authentication token, meaning the stolen keys were transmitted without encryption. This makes the data vulnerable to interception by any intermediate network device, such as a corporate VPN or local Wi-Fi gateway.

The Economics of Stolen API Credentials

The stolen keys serve as the foundation for an underground AI service distribution network. According to findings from NSFOCUS, the attackers operate a self-sustaining loop: they harvest free API keys from unsuspecting developers and resell access to that computing power to paying customers. By using stolen keys instead of their own resources, the attackers minimize operational costs while maximizing the economic value of the compromised credentials. This model transforms API keys from simple configuration strings into high-value commodities traded within illicit ecosystems.

Why IDE Plugins Are Prime Targets for Supply Chain Attacks

Integrated Development Environments (IDEs) are highly trusted, resident environments that lack the sandbox restrictions found in web browsers. As noted by security analysts, IDE plugins often possess unrestricted access to the local file system, network, and environment variables. This makes them ideal vectors for supply chain attacks. Unlike the “GlassWorm” incident previously identified in the VS Code ecosystem, this JetBrains breach highlights a consistent trend: attackers are moving away from traditional malware toward exploiting the developer toolchain, where access to cloud service keys (AWS, GCP) and private code-signing certificates provides a significantly higher return on investment.

Comparison of IDE Supply Chain Threats

| Incident | Primary Vector | Impact |
| JetBrains Incident (2026) | Repackaged AI Plugins | API Key Theft |
| GlassWorm (VS Code) | Malicious Extension | Credential Exfiltration |

Frequently Asked Questions

Are my API keys safe if I use reputable plugins?

While major plugins are safer, the JetBrains incident proves that even plugins with high download counts and five-star reviews can be malicious. Always verify the publisher’s reputation and audit the permissions requested by the plugin before installation.

How can I protect my development environment?

Limit the scope of API keys by using fine-grained access tokens rather than broad administrative keys. Additionally, monitor your outbound network traffic for connections to unknown IP addresses originating from your IDE.
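One way to apply the outbound-traffic advice is to review per-process connection records for IDE processes reaching destinations outside an allowlist, with plaintext port 80 and the address reported in this article called out separately. This is an added example, not from the original article; the CSV layout, process names, allowlist range and log lines are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

IOC_IPS = {ipaddress.ip_address("39.107.60.51")}  # address reported in the article
IDE_PROCESSES = {"idea64.exe", "pycharm64.exe"}    # assumption: your IDE launcher names
# Assumption: constructed allowlist standing in for ranges your IDE legitimately contacts.
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample in a hypothetical CSV export: time,process,dest_ip,dest_port
SAMPLE_LOG = """\
2026-06-25T09:00:01,idea64.exe,198.51.100.20,443
2026-06-25T09:00:05,idea64.exe,39.107.60.51,80
2026-06-25T09:00:09,chrome.exe,203.0.113.9,80
2026-06-25T09:01:12,pycharm64.exe,203.0.113.77,80
2026-06-25T09:01:30,idea64.exe,39.107.60.51,80
"""

def classify(ip, port):
    """Label a destination, or return None when it is allowlisted."""
    if ip in IOC_IPS:
        return "known-ioc"
    if any(ip in net for net in ALLOWED_NETS):
        return None
    return "plaintext-http-unknown" if port == 80 else "unknown-destination"

def review(log_text):
    """Count findings per (process, destination, label) for IDE processes only."""
    findings = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _, proc, dest, port = row
        if proc.lower() not in IDE_PROCESSES:
            continue
        label = classify(ipaddress.ip_address(dest), int(port))
        if label:
            findings[(proc, dest, label)] += 1
    return findings

if __name__ == "__main__":
    for (proc, dest, label), count in sorted(review(SAMPLE_LOG).items()):
        print(f"{label:24} {proc:16} {dest:16} x{count}")
```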

What should I do if I suspect a plugin is compromised?

Immediately revoke the API keys stored within that plugin, rotate your credentials on the AI service provider’s dashboard, and uninstall the suspicious extension. Report the plugin to the marketplace administrators to prevent further distribution.

Pro Tip:
Regularly rotate your API keys even if you do not suspect a breach. Using environment variables instead of hard-coding keys directly into plugin configuration panels can provide an extra layer of defense against automated exfiltration scripts.
