Widespread Theft of AI Keys via JetBrains Plugins and Chrome Chat‑Capturing Extensions

Colleagues, I want to draw attention to cybersecurity incidents: malicious JetBrains plugins are stealing AI API keys, and Chrome extensions are capturing conversations.
- Aikido Security found at least 15 plugins posing as AI assistants; keys entered into them are sent to attackers' servers.
- Some plugins (CodeGPT, DeepSeek) have thousands of downloads; stolen keys may be sold to third parties.
- Researcher Jean‑Marie R. described operation “PromptSnatcher”: two ad‑block extensions record user chats and metadata.
Why it matters: compromised keys and prompts lead to charges, confidential data leaks and LLMjacking.
What measures are you already using to protect keys and extensions?
#cybersecurity #APIkeys #supplychain #infosec

