VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Widespread Theft of AI Keys via JetBrains Plugins and Chrome Chat‑Capturing Extensions

Массовая кража ключей AI через плагины JetBrains и Chrome‑расширения, перехватывающие чаты

Colleagues, I want to draw attention to cybersecurity incidents: malicious JetBrains plugins are stealing AI API keys, and Chrome extensions are capturing conversations.

- Aikido Security found ≥15 plugins posing as AI assistants; entered keys are sent to attackers' servers.
- Some plugins (CodeGPT, DeepSeek) have thousands of downloads; stolen keys may be sold to third parties.
- Researcher Jean‑Marie R. described operation “PromptSnatcher”: two ad‑block extensions record user chats and metadata.

Why it matters: compromised keys and prompts lead to charges, confidential data leaks and LLMjacking.

What measures are you already using to protect keys and extensions?
#cybersecurity #APIkeys #supplychain #infosec

Latest comments

No comments yet.