Widespread Risk in AI Code Editors: Vibe Coders Exposed to Malicious Extensions

A growing security concern is emerging in the world of AI-assisted code editors, as a lack of proper oversight in third-party extension marketplaces is exposing developers to serious threats. Recent findings show that alternative editors based on the open-source Visual Studio Code project—such as Cursor, Windsurf, and others—are increasingly vulnerable to supply chain attacks.

These editors cannot access Microsoft’s official Visual Studio Marketplace due to licensing restrictions, forcing them to rely on Open VSX and similar third-party platforms. Unlike Microsoft’s ecosystem, these marketplaces lack robust security scanning and manual review, creating fertile ground for attackers.

One such case, recently uncovered by Secure Annex researchers, involved a malicious extension aimed at developers working with the programming language Solidity. The extension, downloaded over 200,000 times, ran a PowerShell script granting remote access to affected systems.

The incident highlights the risks of relying on unvetted marketplaces. While Microsoft’s store employs automated scanning and manual review to detect suspicious activity, Open VSX currently lacks these defenses. As one researcher noted, the malicious extension could have been detected with even basic security analysis.
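
A sketch of the kind of basic static check referred to above, as an added example that is not from this article, Secure Annex or Open VSX: it scans an unpacked extension's files for process spawning, PowerShell invocation with hidden-window or policy-bypass flags, and activation at editor startup. The rule set, weights, threshold and both sample extensions are constructed assumptions; the article does not describe how the real extension launched its script.

```javascript
// Added example: static triage of an unpacked editor extension before install.
// Rule ids, weights and REVIEW_THRESHOLD are assumptions, not a vetted ruleset.
const REVIEW_THRESHOLD = 5;
const RULES = [
  { id: "spawns-process", weight: 2, re: /require\(\s*['"](?:node:)?child_process['"]\s*\)|from\s+['"](?:node:)?child_process['"]/ },
  { id: "invokes-powershell", weight: 3, re: /\b(?:powershell|pwsh)(?:\.exe)?\b/i },
  { id: "hidden-or-bypass-flags", weight: 3, re: /-windowstyle\s+hidden|-executionpolicy\s+bypass|-enc(?:odedcommand)?\b/i },
];

// files: object mapping relative path -> file contents (strings).
function scanExtension(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith("package.json")) {
      let manifest = {};
      try { manifest = JSON.parse(text); } catch { findings.push({ path, id: "unparseable-manifest", weight: 1 }); }
      const events = Array.isArray(manifest.activationEvents) ? manifest.activationEvents : [];
      // "*" and "onStartupFinished" run the extension without any user action.
      if (events.includes("*") || events.includes("onStartupFinished")) {
        findings.push({ path, id: "activates-on-startup", weight: 1 });
      }
      continue;
    }
    if (!/\.(?:c|m)?js$/.test(path)) continue; // only script files get the code rules
    for (const rule of RULES) {
      if (rule.re.test(text)) findings.push({ path, id: rule.id, weight: rule.weight });
    }
  }
  const score = findings.reduce((sum, f) => sum + f.weight, 0);
  return { score, flagged: score >= REVIEW_THRESHOLD, findings };
}

// Constructed samples (not taken from any real extension).
const SUSPICIOUS = {
  "package.json": JSON.stringify({ name: "sample-solidity-helper", activationEvents: ["*"] }),
  "extension.js": "const cp = require('child_process');\n" +
    "exports.activate = () => cp.exec('powershell -WindowStyle Hidden -ExecutionPolicy Bypass -File helper.ps1');\n",
};
const BENIGN = {
  "package.json": JSON.stringify({ name: "sample-formatter", activationEvents: ["onLanguage:solidity"] }),
  "extension.js": "const cp = require('child_process');\n" +
    "exports.activate = () => cp.execFile('solc', ['--version']);\n",
};

for (const [name, files] of Object.entries({ SUSPICIOUS, BENIGN })) {
  const r = scanExtension(files);
  console.log(name, r.score, r.flagged, r.findings.map((f) => f.id).join(","));
}
```

The benign sample also spawns a process, which on its own stays below the threshold; it is the combination of signals that sends an extension to manual review.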

The issue is particularly concerning for users of AI-powered editors—or “vibe coders”—who often depend on Open VSX to enhance their workflows with extensions unavailable elsewhere. With over 8 million developers accessing the platform, the impact of a compromised extension could be far-reaching.

Following the discovery, Open VSX responded quickly by removing the malicious packages and suspending the associated publisher accounts. However, the incident underscores a broader challenge: balancing openness with the need for security.

As the use of AI-enhanced coding tools grows, so too does the attack surface. Security experts are urging developers to treat all third-party code—whether from Open VSX, private registries, or even official marketplaces—as potentially unsafe unless verified.

The need for stronger vetting mechanisms in open ecosystems is becoming increasingly clear, especially as more developers rely on these platforms in their day-to-day work.