Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

IDE extension security and AI coding agents: what teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9924
Topic starter  

TL;DR: AI-powered IDE extensions can manipulate coding agents, rewrite Git history, leak credentials, and execute commands from inside the developer workspace, according to Knostic. The real issue is not the plugin alone but the trusted execution surface it creates, where conventional endpoint controls often have limited visibility.

NHIMG editorial — based on content published by Knostic: IDE extension security and AI coding agent risk

By the numbers:

Questions worth separating out

Q: How should security teams govern IDE extensions that can execute commands and access secrets?

A: Security teams should govern IDE extensions like privileged software inside a trusted execution environment.

Q: Why do AI-powered IDE extensions increase developer credential risk?

A: They increase credential risk because they can read local caches, environment variables, and workspace files while operating under the developer's authority.

Q: What breaks when IDE extensions are allowed broad workspace and shell permissions?

A: Broad permissions break least privilege at the point where code, secrets, and execution meet.

Practitioner guidance

  • Classify every IDE extension by capability, not by category Map each plugin to the exact rights it needs, including shell, network, file-system, and repo-write access.
  • Isolate AI-assisted extensions from the main editor session Run high-risk extensions and MCP connectors in constrained sandboxes with limited file access and tightly scoped outbound traffic.
  • Treat extension updates as security events Log installs, version changes, publisher changes, and manifest changes in the same monitoring pipeline you use for other privileged software.

What's in the full article

Knostic's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step guidance for validating extensions, including publisher checks, manifest review, and baseline comparison before install.
  • Practical examples of sandboxing risky plugins and monitoring IDE behaviour without relying only on endpoint telemetry.
  • A five-layer defence framework for validation, permission control, sandboxing, monitoring, and incident response.
  • Knostic's runtime policy and visibility approach for IDE-native extension and MCP risk.

👉 Read Knostic's analysis of IDE extension security and AI coding agent risk →

IDE extension security and AI coding agents: what teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9408
 

IDE extension security is now an identity problem, not just an application security problem. Extensions and AI assistants inherit developer authority, and that authority often includes code access, secrets, and the ability to execute commands. Once those capabilities exist inside the workspace, governance has to cover entitlement scope, update trust, and runtime behaviour, not only software provenance. Practitioners should treat the IDE as a governed control plane for developer identity.

A few things that frame the scale:

  • 53% of MCP servers expose credentials through hard-coded values in configuration files, according to The State of MCP Server Security 2025.
  • A separate finding from the same research shows that 24,008 unique secrets were exposed in MCP configuration files in 2025 alone.

A question worth separating out:

Q: How do teams know if IDE extension controls are actually working?

A: Controls are working only if you can detect capability changes, unexpected shell invocations, abnormal file writes, and network calls from extensions before damage spreads. If those signals are not visible in logs or alerts, then policy exists on paper but not in practice. The right test is whether a compromised plugin would be caught before it can modify code or leak secrets.

👉 Read our full editorial: IDE extension security exposes a new attack surface for AI coding agents



   
ReplyQuote
Share: