In June 2026, an attack on JetBrains IDE plugins was detected, targeting the theft of artificial intelligence API keys. How did the breach occur, and what steps can you take to prevent losses?
Over the past few weeks, the tech industry has been abuzz with news of a large-scale attack on JetBrains plugins, designed to steal artificial intelligence API keys. According to reports published by The Hacker News and BleepingComputer, malicious plugins distributed through JetBrains’ official Marketplace were surreptitiously harvesting sensitive data, exposing thousands of developers and companies to serious financial and reputational losses.
This incident is not isolated—history has seen attacks on plugins in other development environments, such as VS Code and Eclipse. However, the scale and direct threat to AI tools make it particularly dangerous. In this article, we explain how the attack unfolded, which plugins were involved, and—most importantly—what steps you should take to secure your development environment.
How did the attack happen? Breach mechanism
The attack on JetBrains plugins was no accident—it employed a multi-layered infection method designed to maximize the theft of API keys. According to security analyses, malicious plugins were distributed as tools for AI model integration or IDE productivity enhancements. In reality, they contained hidden code that:
- Scanned JetBrains configuration files for stored API keys (e.g., in
~/.config/JetBrains/directories or environment variables), - Exploited vulnerabilities in plugin execution mechanisms to evade detection by standard security tools,
- Transmitted stolen data to remote servers controlled by attackers, often via encrypted channels (e.g., DNS-over-HTTPS),
- In some cases, enabled takeover of active AI chat sessions by manipulating IDE process memory.
To date, no official list of malicious plugins has been published by JetBrains or any other source. Media reports, however, suggest the attack was large-scale—hundreds, if not thousands, of users may have fallen victim. According to The Register, some plugins had been distributed for over a year, indicating the attack was purposeful and long-term.
Who fell victim to the attack? Threat scale
While JetBrains has not disclosed the number of affected users, media reports suggest the attack was global and large-scale. The most vulnerable were individuals and organizations using:
- AI models from OpenAI, Hugging Face, Anthropic, and other providers,
- IDE plugins offering AI integration (e.g., code autocompletion, documentation generation),
- Development environments used in startups, corporations, and open-source projects.
It remains unclear whether the attack targeted specific sectors, but experts warn that API key theft can lead to severe consequences:
- Use of stolen keys for costly computational attacks (e.g., training AI models at someone else’s expense),
- Theft of sensitive business data transmitted via AI chat sessions,
- Distribution of malware on behalf of the victim (e.g., through automatically generated code containing backdoors).
As Dark Reading points out, this attack is further evidence that threats to AI tools extend beyond the network—they increasingly target local development environments.
JetBrains' response: What did the vendor do? What do they recommend to users?
JetBrains confirmed the incident on June 10, 2026, via its official security blog. The company took the following actions:
- Blocked suspicious plugins in the JetBrains Marketplace,
- Launched an investigation to identify the attack’s source and scope,
- Recommended that users immediately update their IDEs to the latest versions (e.g., IntelliJ IDEA 2026.2, PyCharm 2026.2),
- Warned against installing suspicious plugins and advised reviewing existing ones,
- Encouraged users to rotate all AI API keys used in their tools.
JetBrains has not released a specific list of malicious plugins. According to experts, this may stem from concerns about spreading panic or due to the ongoing investigation. The company has also not confirmed whether the attack was linked to a specific hacking group.
It’s worth noting that JetBrains is not alone in facing such threats. Earlier, in 2023 and 2024, malicious plugins were detected in the VS Code Marketplace and Eclipse Marketplace, containing cryptocurrency miners or backdoors. In 2025, GitHub also introduced mandatory scanning of plugins for malware—another sign that this is an industry-wide issue.
Which AI models and tools are at risk?
The JetBrains plugin attack targeted all AI API keys stored locally in the IDE environment. According to available information, the following were at risk:
- API keys for OpenAI (ChatGPT, Codex, DALL·E),
- Keys for Hugging Face models (e.g., Stable Diffusion, BLOOM),
- Keys for Anthropic models (Claude),
- Keys for other providers, such as Mistral AI, Cohere, or local model instances (e.g., Llama).
In some cases, attackers were able to intercept active AI chat sessions. This means hackers could not only steal API keys but also export conversations, manipulate model responses, or inject malicious code into answers.
Experts emphasize that the threat affects not only individual developers but also companies using AI in their business processes. API key theft can lead to leakage of sensitive business data, costly computational attacks, or even extortion.
Previous cases of attacks on AI tools and IDEs
To better understand the threat landscape, let’s look at earlier attacks on development tools and AI:
- 2023 – VS Code Marketplace: The "Dracula Theme" plugin contained a cryptocurrency miner, infecting thousands of users.
- 2024 – Eclipse Marketplace: The "JDT Language Server" plugin included a backdoor enabling remote code execution.
- 2025 – Phishing for OpenAI keys: Attackers impersonated official OpenAI pages to trick developers into revealing API keys.
- 2025 – GitHub: Mandatory plugin malware scanning was introduced after several infection cases were detected.
These incidents show that threats to AI tools and IDEs are not new, but the June 2026 attack stands out due to its scale and direct goal: API key theft.
How to protect yourself? Practical security guide
If you use JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm, WebStorm) and rely on AI tools, take the following steps to minimize risk:
1. Update your environment
The first and most critical step is to update your IDE to the latest version. JetBrains regularly releases security patches that may protect against known attacks. Ensure that:
- You have the latest IDE version installed (e.g., IntelliJ IDEA 2026.2+),
- Your operating system and antivirus software are up to date,
- You use official distribution channels (e.g., JetBrains website).
2. Review and disable suspicious plugins
Even without an official list of malicious plugins from JetBrains, you should review your installed plugins and remove any that:
- Are no longer actively maintained (last update over a year ago),
- Come from unknown authors or suspicious sources,
- Claim to integrate with AI (e.g., "AI Assistant," "Code Genius") but aren’t developed by JetBrains or trusted communities,
- Trigger suspicious network activity (check IDE logs or use tools like Wireshark).
To do this:
- Open your IDE and go to Settings → Plugins.
- Review the list of installed plugins and remove any that raise concerns.
- Use the JetBrains Marketplace search to check ratings and reviews (e.g., https://plugins.jetbrains.com/).
3. Change API keys
If you suspect your API keys may have been compromised, invalidate them immediately and generate new ones. Follow your provider’s instructions:
- OpenAI: https://platform.openai.com/account/api-keys,
- Hugging Face: https://huggingface.co/settings/tokens,
- Anthropic: Contact customer support.
If you use keys in environment variables, update them in your operating system as well. Remember to:
- Never store keys in plaintext files or unencrypted locations,
- Use password managers (e.g., KeePassXC) to store keys,
- Limit key permissions (e.g., use keys with daily spending limits).
4. Monitor activity
To detect potential breaches, monitor your IDE environment’s activity. Check:
- IDE logs: Review log files (e.g.,
~/.config/JetBrains/) for suspicious network connections./log/ - Network traffic: Use tools like Wireshark or tcpdump to identify unknown connections.
- File changes: Verify if any suspicious files or code changes appear in your projects.
If you suspect a breach, report the incident to the appropriate authorities or your API provider.
5. Use external scanning tools
To enhance security, consider using external tools to detect malware. Here are some options:
- JetBrains Security Plugin (if available): A tool for scanning plugins for malicious code.
- YARA rules: Signature-based malware detection (e.g., https://github.com/Yara-Rules/rules).
- ClamAV: Open-source antivirus for file scanning (e.g., https://www.clamav.net/).
- OSSEC: Network activity monitoring tool (e.g., https://www.ossec.net/).
Was the attack mass-scale or targeted?
Currently, there is no definitive information on whether the attack was targeted or mass-scale. Media reports suggest hundreds, if not thousands, of users may have been affected. However, due to the lack of official statistics from JetBrains or law enforcement, it’s unclear whether the attack was:
- Widespread (e.g., automatic infection of all users of a specific plugin),
- Targeted (e.g., aimed at specific companies or industries).
Experts suggest that given the distribution method of malicious plugins (via the official JetBrains Marketplace), the attack was likely large-scale. However, it cannot be ruled out that some plugins were intentionally distributed among specific user groups.
Additionally, there is no information on whether attackers were able to exploit the stolen API keys for specific attacks. According to Dark Reading, possible scenarios include:
- Using keys for costly computational attacks (e.g., training AI models at someone else’s expense),
- Theft of sensitive business data transmitted via AI chat sessions,
- Spreading malware on behalf of the victim.
Summary: What steps should you take today?
The JetBrains plugin attack is yet another reminder that threats to AI tools and IDEs extend beyond the network. Increasingly, they target local development environments, posing serious risks to developers, companies, and the entire tech industry.
To protect yourself from losses, you should:
- Update your environment – install the latest JetBrains IDE and OS updates.
- Review installed plugins – remove suspicious ones and rely only on trusted sources.
- Change API keys – invalidate old keys and generate new ones, storing them securely.
- Monitor activity – check IDE logs and network traffic for suspicious activity.
- Use external tools – employ antivirus software, scanners, and password managers to enhance security.
Remember, the security of your development environment is critical—not just for you, but also for your clients and collaborators. Don’t underestimate this threat—take action today to avoid financial and reputational losses.
Sources
- https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html
- https://blog.jetbrains.com/security/2026/06/security-incident-in-jetbrains-marketplace/
- https://www.bleepingcomputer.com/news/security/malicious-jetbrains-plugins-caught-stealing-ai-api-keys/
- https://www.theregister.com/2026/06/11/jetbrains_plugin_ai_key_theft/
- https://www.darkreading.com/application-security/jetbrains-marketplace-malicious-plugins-ai-api-keys
- https://github.com/advisories?query=ecosystem%3Ajetbrains+type%3Areview
- https://www.jetbrains.com/help/idea/plugins-settings.html
Comments