In May 2026, security researchers uncovered a wave of fake AI tool websites designed specifically to steal developer credentials, GitHub tokens, and API keys. Scammers registered domains that mimicked legitimate developer tools, created convincing landing pages, and distributed links through social media, forums, and even compromised npm packages.

This isn’t phishing 1.0. It’s supply chain attacks disguised as developer productivity tools. Here’s everything you need to know to stay safe.

How the Attacks Work

The pattern follows three common vectors:

1. Clone Sites and Domains

Attackers register domains that differ from real tool URLs by a single character or use lookalike TLDs. Visit the site, enter your API key or GitHub token to “get started,” and your credentials are harvested.

Signs to spot:

  • Domains that are slightly misspelled versions of well-known tools
  • Sites claiming to offer “free” access to paid AI APIs
  • No company information, privacy policy, or about page
  • High-pressure language with time-limited “free credits”

2. Malicious npm/PyPI Packages

The most insidious vector. Attackers publish packages with names similar to popular libraries. You install them thinking you’re getting a useful tool, but they execute credential-stealing code on install.

Recent examples include packages that looked like legitimate AI wrapper libraries but actually grabbed GitHub tokens, AWS credentials, and SSH keys from your environment.

3. Social Engineering via Social Platforms

Discord servers, Reddit threads, and Twitter threads promoting “free API credits” or “unlimited access” to popular AI models. The link goes to a credential-harvesting page.

How to Protect Your Credentials

Use Environment Variable Scoping

Never paste API keys directly into a terminal. Use a secrets manager like 1Password CLI, Pass, or Doppler to scope credentials to specific projects. Compromise of one tool shouldn’t expose your entire credential vault.

Audit Your Dependencies

Run dependency audits regularly:

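npm audit      # known vulnerabilities in the npm dependency tree
pip-audit      # known vulnerabilities in the Python environment (PyPA tool, installed with: pip install pip-audit)
pipenv verify  # confirms the hash in Pipfile.lock is up to date with the Pipfile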

Check package names carefully: a single extra character can mean the package belongs to a malicious actor.
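One way to automate that name check is shown below. This is an added example, not code from the original article or from any tool it mentions. It flags dependencies in a package.json that sit within one edit (insert, delete, substitute, or adjacent swap) of a package on your own allowlist, after collapsing separators. The allowlist, the sample manifest, and the misspelled names are constructed for illustration and say nothing about any published package.

```python
import json
import re

# Assumption: a short allowlist of the packages your team actually depends on.
KNOWN_GOOD = {"requests", "openai", "langchain", "express", "lodash", "react"}

def normalize(name: str) -> str:
    """Lowercase and drop -, _ and . so 'Open_AI' and 'open-ai' compare equal."""
    return re.sub(r"[-_.]+", "", name.lower())

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def suspicious(deps, known=KNOWN_GOOD, max_dist=1):
    """Return {dependency: lookalike} for names that are near, but not on, the allowlist."""
    hits = {}
    for dep in deps:
        if dep in known:
            continue
        for good in sorted(known):
            if edit_distance(normalize(dep), normalize(good)) <= max_dist:
                hits[dep] = good
                break
    return hits

# Constructed package.json; the misspelled names are made up for this example.
SAMPLE = json.loads("""{
  "dependencies": {"express": "4.19.2", "lodahs": "1.0.0", "open-ai": "0.0.1"},
  "devDependencies": {"reacct": "18.0.0", "left-pad": "1.3.0"}
}""")

def deps_of(manifest):
    return sorted({**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})})

if __name__ == "__main__":
    for dep, good in suspicious(deps_of(SAMPLE)).items():
        print(f"{dep}: looks like '{good}' - verify before installing")
```

A hit is a prompt to verify the author and source before installing, not proof of malice; legitimate packages can have similar names.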

Pin Specific Versions

Always pin exact dependency versions in your lock files. This prevents attackers from injecting malicious updates while you sleep.

Use Short-Lived Tokens

GitHub personal access tokens should have minimal scopes and expire frequently. Use GitHub Apps or fine-grained tokens instead of classic PATs.

gh auth setup-git  # configure git to use the GitHub CLI as its credential helper

Browser Extensions That Help

Extensions like Bitwarden and 1Password auto-detect fake login pages that mimic legitimate services. Enable their phishing protection features.

Monitor Your Account Activity

Enable MFA everywhere. Check your GitHub account’s authorized apps and OAuth token list regularly. If you see an app you don’t recognize, revoke it immediately.

What to Do If You’ve Been Hit

  1. Revoke the token immediately. Go to your provider’s security settings and invalidate the compromised credential.
  2. Rotate all related credentials. If you reused the same key or pattern, change them all.
  3. Check for unauthorized activity. Look at GitHub commit history, cloud provider logs, and API billing for anomalies.
  4. Report it. File a bug with your provider and report the domain to your browser and security communities.

Building a Security Culture

The developer tool bill problem has a security cousin: when teams are drowning in tools, they stop vetting new ones. Establish a simple process:

  1. New tool? Check the domain age, company info, and reviews.
  2. npm package? Verify the author, download counts, and code.
  3. API key request? Question why and what scope it needs.

The Bottom Line

Fake AI tools represent a real and growing threat to developer security. The good news: most attacks rely on haste and trust, not sophisticated exploits. Slow down, verify before you install, and never paste credentials into a site you haven’t verified. Your GitHub account is worth more than a free API key.