Malicious JetBrains Marketplace plugins steal AI API keys from developers

At least 15 malicious plugins on the JetBrains Marketplace, discovered by Aikido Security, steal AI API keys from developers. The plugins, installed nearly 70,000 times, exfiltrate credentials to a hardcoded server when users click Apply. The campaign began in October 2025 and continued through June 2026.