Likelihood: HIGH
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Active, in-the-wild campaign with confirmed malicious plugins distributed through an official marketplace since October 2025 and 100,000+ browser installations elevates likelihood to high; impact is high because confirmed attack vectors directly target AI API keys (measurable financial loss from inference abuse) and exfiltrate conversation histories containing source code, business logic, and proprietary strategy shared with ten AI platforms, creating simultaneous financial, competitive-intelligence, and potential regulatory exposure.
Treatment rationale: Active credential theft with ongoing financial bleed from API key abuse requires immediate, concrete controls — audit, revocation, and developer toolchain hardening — rather than transfer or acceptance, because the exposure window is currently open and losses are accruing.
Third-Party / Supply-Chain Risk
Dual third-party injection points per NIST SP 800-161: (1) JetBrains Marketplace is a trusted supplier channel whose vetting controls failed to prevent 15 malicious plugins, meaning the organization's software supply chain is compromised at the IDE-layer for any developer who installed affected plugins; (2) Google Chrome Web Store delivered two malicious extensions at scale, and the affected platforms — OpenAI, Anthropic, Google, Microsoft, Perplexity, DeepSeek, xAI, Meta, SiliconFlow — are shared-platform dependencies whose API credentials and conversation data are now in adversary hands. The organization does not control the integrity of either distribution channel.
Loss Exposure (illustrative)
Magnitude: moderate-to-high — illustrative $50K–$500K per exposed organization depending on developer team size, AI API spend volume, and sensitivity of data shared with AI assistants
Frequency: For an organization with an active JetBrains developer team or Chrome-using workforce, treat as a near-certain single realized loss event if any affected plugin or extension was installed; recurrence risk is moderate given the campaign is ongoing and the distribution channel remains accessible
Annualized: Illustrative ALE: if one event per year is assumed at $50K–$500K loss magnitude, annualized exposure is in that same range; organizations with high AI API spend or high-sensitivity IP in AI conversations should weight toward the upper bound
Basis: Lower bound anchored to direct API inference abuse cost — sustained unauthorized inference on stolen keys across a developer team could accumulate thousands to tens of thousands of dollars before detection, plus incident response labor. Upper bound driven by secondary loss scenarios: competitive-intelligence value of exfiltrated source code and roadmaps, regulatory response costs if conversation data contained regulated information, and reputational consequence if customer data transited the affected AI platforms. Range is illustrative and organization-specific; no third-party benchmark report figures were used.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Exfiltration of conversation histories containing customer data, employee data, or regulated information may invoke state or federal breach-notification obligations — verify with counsel.
• Unauthorized third-party consumption of AI API keys billed to the organization may constitute a covered cyber-crime or funds-transfer-fraud event under existing cyber or crime policy — verify with broker.
• If proprietary source code or trade secrets were shared with affected AI platforms and are now exfiltrated, this may implicate IP protection or confidentiality clauses in customer or partner contracts — verify with counsel.
• Organizations subject to SOC 2, ISO 27001, or financial-sector regulations may face control-failure disclosure obligations if affected plugins were installed on in-scope developer systems — verify with counsel.
