Malicious JetBrains Plugins Steal AI API Keys in Large-Scale Campaign Security researchers at Aikido Security uncovered a coordinated malware campaign targeting developers via the JetBrains Marketplace, where at least 15 malicious plugins were designed to steal AI API keys from users. The plugins, disguised as legitimate AI coding assistants, code-review tools, and Git utilities, exploited integrations with services like OpenAI, DeepSeek, and SiliconFlow to harvest credentials. First published in October 2025, the plugins continued to appear as recently as June 10, 2026, with nearly 70,000 cumulative downloads. While functioning as advertised, they secretly transmitted API keys to a hardcoded server (39.107.60[.]51) via HTTP when users saved their credentials. All 15 plugins shared near-identical malicious code, despite being listed under seven different vendor accounts. Notably, the plugins offered a paid tier after users paid a small fee, the server provided an API key for model calls, replacing the user’s own credentials. Aikido Security noted this behavior was unusual, as legitimate operators would not distribute unrestricted paid API keys. The most downloaded plugins DeepSeek AI Assist (27,727 downloads) and CodeGPT AI Assistant (25,571 downloads) remained available on the Marketplace at the time of reporting. However, researchers cautioned that download counts could be inflated. BleepingComputer independently verified the credential-theft code in the DeepSeek AI Assist plugin. While malicious packages are common on platforms like npm and PyPI, such campaigns are rare on the JetBrains Marketplace. JetBrains had not responded to inquiries at the time of publication. The full list of compromised plugins includes tools like DeepSeek Git Commit, AI Coder Review, and Coding Simple Tool.

DeepSeek, a Chinese AI provider, suffered a data breach linked to unsanctioned AI use, where sensitive corporate or user data—potentially including PII, proprietary code, or internal documents—was exposed due to employees inputting confidential information into unapproved AI models (e.g., public chatbots). The breach stemmed from shadow AI practices, where third-party AI tools (like DeepSeek’s own or others) stored and processed data without adequate security controls, leading to unauthorized access or leaks. The incident aligns with risks highlighted in the article: employees bypassing IT policies to use AI tools, resulting in data being retained on external servers with weaker protections. The breach not only violated data protection regulations (e.g., GDPR-like standards) but also risked further exploitation, such as adversaries accessing the leaked data or the AI model itself being compromised to exfiltrate additional information. The financial and reputational fallout included regulatory fines, loss of trust, and potential operational disruptions, compounded by the challenge of tracing all exposed data.

In early 2025, researchers at Wiz uncovered a vulnerable database operated by DeepSeek, exposing highly sensitive corporate and user data. The breach included chat histories, secret API keys, backend system details, and proprietary workflows shared by employees via the platform. The leaked data originated from shadow AI usage—employees bypassing sanctioned tools to use DeepSeek’s consumer-grade LLM for tasks involving confidential spreadsheets, internal memos, and potentially trade secrets. While no direct financial fraud or ransomware was confirmed, the exposure of authentication credentials and backend infrastructure details created a severe risk of follow-on attacks, such as spear-phishing, insider impersonation, or supply-chain compromises. The incident highlighted the dangers of ungoverned AI adoption, where ephemeral interactions with LLMs accumulate into high-value intelligence for threat actors. DeepSeek’s database misconfiguration enabled attackers to harvest years of prompt-engineered data, including employee thought processes, financial forecasts, and operational strategies—effectively handing adversaries a ‘master key’ to internal systems. Though DeepSeek patched the vulnerability, the breach underscored how shadow AI expands attack surfaces silently, with potential long-term repercussions for intellectual property theft, regulatory noncompliance (e.g., GDPR violations), and reputational damage. The exposure aligned with broader trends where 20% of organizations in an IBM study linked data breaches directly to unapproved AI tool usage, with average costs exceeding $670,000 per incident.

AI Infrastructure Security Crisis: Exposed Systems, Hardcoded Flaws, and Rampant Misconfigurations A recent investigation by the Intruder team reveals a alarming trend in AI infrastructure security, as rapid adoption outpaces safeguards. Scanning over 2 million hosts with 1 million exposed services, researchers found AI deployments riddled with vulnerabilities more severe than any other software category they’ve analyzed. No Authentication by Default A core issue: many self-hosted AI projects ship without authentication enabled, leaving sensitive data and tools exposed. Real-world examples included chatbots with unrestricted access to user conversation histories, multimodal LLMs vulnerable to jailbreaking, and even NSFW chatbots leaking API keys in plaintext. One OpenUI-based instance exposed full LLM conversation logs, while others allowed malicious users to bypass safety guardrails using corporate infrastructure to generate illegal content or solicit criminal advice. Exposed Agent Platforms and Business Logic Agent management platforms like n8n and Flowise were frequently found misconfigured, with some instances mistakenly exposed to the internet. One Flowise deployment revealed an entire LLM chatbot’s business logic, including credential lists (though stored values remained protected). Another exposed parsing tools and local functions capable of server-side code execution. Across sectors government, finance, and marketing over 90 exposed instances were identified, enabling attackers to modify workflows, redirect traffic, or poison responses. Unsecured Ollama APIs: A Gateway to Frontier Models Researchers discovered 5,200+ exposed Ollama APIs with connected models, 31% of which responded to unauthenticated queries. While Ollama doesn’t store conversation data, many instances wrapped paid models from Anthropic, Google, Deepseek, Moonshot, and OpenAI 518 in total. Responses ranged from health-focused assistants to cloud management integrations, highlighting the risks of unauthorized access to enterprise systems. Insecure by Design Lab analysis uncovered systemic flaws: - Poor deployment practices: Misconfigured Docker setups, hardcoded credentials, and applications running as root. - No authentication on fresh installs: Users granted high-privilege access by default. - Static credentials: Embedded in setup examples and `docker-compose` files. - New vulnerabilities: Arbitrary code execution found in a popular AI project within days. Root Cause: Speed Over Security The findings underscore a broader industry shift vendors and adopters prioritizing rapid deployment over decades of security best practices. While some projects abandon safeguards entirely, the pressure to outpace competitors exacerbates the problem. The result: AI infrastructure with a 2.6 CVE-per-day average (as seen in the ClawdBot incident), where misconfigurations and weak sandboxing amplify risks. The investigation serves as a stark reminder of the security debt accumulating in the AI gold rush.

DeepSeek, a generative AI platform, faced heightened concerns over privacy and security as it stores user data on servers in China. Security researchers discovered that DeepSeek exposed a critical database online, leaking over 1 million records, including user prompts, system logs, and API authentication tokens. The leaked information could lead to unauthorized access and misuse of user data, posing serious privacy and security risks. Furthermore, the platform's safety protections were found to be lacking when tested against various jailbreaks, illustrating a potential vulnerability to cyber threats.

DeepSeek’s R1 AI Model Disrupts Industry Amid Cyberattack and Soaring Demand Chinese AI startup DeepSeek has rapidly emerged as a major player in the generative AI race, drawing global attention after the release of its R1 reasoning model a low-cost, open-source alternative to OpenAI’s o1. Founded in April 2023 from a hedge fund’s AI research unit, DeepSeek has positioned itself as a challenger to industry leaders like OpenAI and Google, with ambitions to achieve artificial general intelligence (AGI). The R1 model, launched last week, has been praised for its performance and cost efficiency, reportedly trained for just $5.6 million a fraction of the expense behind rival models. Its open-source availability has fueled adoption, propelling DeepSeek’s AI Assistant app to the top of Apple’s U.S. App Store, briefly dethroning ChatGPT as the most-downloaded free app. However, the surge in popularity has come with security challenges. On Monday, DeepSeek announced temporary registration limits due to "large-scale malicious attacks" on its services, though existing users remain unaffected. The incident underscores the growing cyber risks facing high-profile AI platforms as they gain traction. DeepSeek’s rapid rise has also sparked debate about the sustainability of AI funding, with analysts questioning whether the industry’s billion-dollar valuations and aggressive spending are justified. Despite its lower development costs, the startup’s success signals a shift in the AI landscape, particularly as Chinese firms advance despite U.S. restrictions on high-end chip access. The company’s trajectory highlights the intensifying competition in AI, where cost efficiency and open-source innovation are reshaping the market.

In January 2025, Chinese AI specialist DeepSeek suffered a critical data leak exposing over 1 million sensitive log streams, including chat histories, secret keys, and internal operational data. The breach stemmed from a publicly accessible ClickHouse database with misconfigured access controls, granting unauthorized parties full administrative privileges—enabling potential data exfiltration, manipulation, or deletion. While Wiz Research promptly alerted DeepSeek, which secured the exposure, the incident highlighted vulnerabilities in cloud storage misconfigurations and endpoint security. The leaked data posed risks of intellectual property theft, credential compromise, and regulatory non-compliance (e.g., GDPR/CCPA fines). Given the scale and sensitivity of the exposed logs—likely containing proprietary AI model interactions and authentication tokens—the breach could undermine customer trust, competitive advantage, and operational integrity, with potential downstream effects like fraud, reputational damage, or supply chain attacks. The root cause aligned with unintentional leakage via misconfigured infrastructure, though insider threats or targeted exploitation remained plausible secondary risks.