AI-powered IDEs like Cursor and Windsurf are revolutionising development, but new research reveals a mounting security risk. These platforms may recommend extensions that do not exist in the OpenVSX registry, allowing threat actors to register such names and distribute malicious payloads. Because developers trust these recommendations, enterprises face increased vulnerability to code exfiltration or internal compromise via misleading extensions.
To mitigate risk, teams must manually verify extension sources, restrict allowed extension galleries, and raise awareness of supply chain threats. Automation in developer tools demands vigilant scrutiny by security teams. Trusting developer tools remains essential—yet only if paired with robust verification at every step.
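One way to automate the verification step described above, as an added example that is not code from the research or from either IDE: it audits a list of recommended extension IDs against a team allowlist and a registry lookup. The `recommendations` JSON shape, the ID pattern, every extension name and the registry snapshot are constructed assumptions; in practice `registry_has` would check the gallery your IDE actually installs from.

```python
import json
import re

# Assumed ID shape "publisher.name", compared case-insensitively.
EXT_ID = re.compile(r"^[a-z0-9][a-z0-9-]*\.[a-z0-9][a-z0-9._-]*$")

def audit_recommendations(recommended, allowlist, registry_has):
    """Classify each recommended extension ID.

    registry_has(ext_id) -> bool says whether the ID is published in the
    gallery the IDE installs from; it is injected so the audit runs offline.
    """
    allowed = {a.lower() for a in allowlist}
    report = {"approved": [], "needs_review": [], "unclaimed": [], "malformed": []}
    for raw in recommended:
        ext_id = raw.strip().lower()
        if not EXT_ID.match(ext_id):
            report["malformed"].append(raw)
        elif not registry_has(ext_id):
            # Nobody owns this name yet, so whoever registers it first decides
            # what the recommendation installs. Checked before the allowlist:
            # an allowlisted name that is not published is still a risk.
            report["unclaimed"].append(ext_id)
        elif ext_id in allowed:
            report["approved"].append(ext_id)
        else:
            report["needs_review"].append(ext_id)
    return report

# Constructed sample input: recommendations as they might be exported from an IDE.
SAMPLE_JSON = """{"recommendations": [
  "Example-Corp.linter", "example-corp.formatter",
  "acme-tools.db-helper", "community.theme-pack", "not an id"]}"""
SAMPLE_ALLOWLIST = ["example-corp.linter", "example-corp.formatter"]
# Constructed snapshot of IDs that exist in the registry.
SAMPLE_REGISTRY = {"example-corp.linter", "community.theme-pack"}

def run_sample():
    recommended = json.loads(SAMPLE_JSON)["recommendations"]
    return audit_recommendations(
        recommended, SAMPLE_ALLOWLIST, lambda e: e in SAMPLE_REGISTRY)

if __name__ == "__main__":
    for bucket, ids in run_sample().items():
        print(f"{bucket:13} {ids}")
```

Entries reported as `unclaimed` are the ones to remove from recommendations or to register defensively; `needs_review` entries exist but have not been approved by the team.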
AI-Powered IDEs Face Emerging Supply Chain Risks from Malicious Extension Recommendations

