Security researchers have identified two potential attack vectors targeting developer AI API keys and session credentials via malicious plugins in the JetBrains plugin marketplace and malicious extensions in the Chrome extension store disguised as AI assistant tools. No CVE is assigned; no confirmed IOCs are available from Tier 1 sources at time of publication. The threat is policy and configuration-addressable through plugin allowlisting and secrets management controls.
