The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
Infosecurity Magazine

Fifteen JetBrains Marketplace Plugins Found Stealing API Keys

Security researchers have uncovered a coordinated campaign designed to steal developers’ AI-related API keys via malicious ...

The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface

The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public ...
Developer Tech

JetBrains marketplace malware exposes developer API keys

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...

Multiple plugins for JetBrains IDEs steal API keys for OpenAI, DeepSeek & Co.

At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised ...
Security

Nightfall AI: 35% of exposed API keys are still active and vulnerable to exploit

Nightfall AI today published findings from its annual State of Secrets Report. This research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total ...

Why AI agents could create a new control and security crisis

AI agents are rapidly evolving from productivity assistants into autonomous systems capable of accessing enterprise data, ...
CSOonline

AI programming copilots are worsening code security and leaking more secrets

Copilot-enabled repos are 40% more likely to contain API keys, passwords, or tokens — just one of several issues security leaders must address as AI-generated code proliferates. AI coding assistants ...
MUO on MSN

I stopped juggling AI APIs and switched everything to one that actually works

I can use virtually every language, speech, image, and video model with one API key.

Google Bug Hunter Claims $500K From AI-Assisted Vulnerability Pipeline

A researcher claims an AI-assisted pipeline helped earn $500,000 in Google bug bounty payouts, raising API security and ...
Security Boulevard

Everyone Is Buying AI Guardrails. But Agents Have the Keys to the Car.

The first wave of AI security looked a lot like a WAF for LLMs: inspect the prompt, filter the output, block the obvious bad ...

From KYC To KYA: Securing AI-Driven Transactions In The Enterprise

Organizations today must determine whether an autonomous system should be trusted to execute a specific transaction at a ...