Subscribe to the Non-Human & AI Identity Journal
Home FAQ Agentic AI & Autonomous Identity What breaks when IDE extensions are installed without…
Agentic AI & Autonomous Identity

What breaks when IDE extensions are installed without runtime monitoring?

← Back to all FAQ
By NHI Mgmt Group Editorial Team Updated July 9, 2026 Domain: Agentic AI & Autonomous Identity

Teams lose visibility into what the extension actually does after installation. A plugin can look legitimate in the marketplace yet still read environment variables, write hidden files, or launch child processes that expose secrets or alter code paths. Runtime monitoring is the only way to catch behaviour that manifest review and static scans miss.

Why This Matters for Security Teams

IDE extensions are not just convenience layers; they run inside developer workstations with access to source code, credentials, tokens, and build tooling. Without runtime monitoring, a plugin that appears benign at install time can still change behaviour later, especially after updates, configuration changes, or environment-specific triggers. NHI Management Group highlights how visibility gaps remain a core weakness in identity security, and the same pattern applies to extension-driven access paths in development environments via the Ultimate Guide to NHIs — Key Challenges and Risks.

The security issue is not limited to malicious code. A legitimate extension can inherit broad filesystem, process, and network permissions, then interact with secrets stored in local config, environment variables, or dev containers. That creates a gap between what static review can prove and what the extension actually does at runtime. Current guidance from NIST SP 800-53 Rev 5 Security and Privacy Controls supports continuous monitoring, because trust decisions based only on install-time reputation are incomplete. In practice, many security teams encounter extension abuse only after secrets have already been accessed, exfiltrated, or used to alter code paths.

How It Works in Practice

Runtime monitoring focuses on what an extension does after installation, not just what it declares in the marketplace. For IDEs, that usually means watching child process creation, outbound connections, file writes, environment access, and unexpected reads of sensitive workspace content. A strong control plane correlates these actions with developer context so security teams can distinguish normal linting or indexing from behaviour that touches secrets or launches suspicious external tooling.

For NHI-heavy environments, the practical model is closer to continuous identity and behaviour verification than one-time approval. If an extension is allowed to reach tokens, API keys, or local certificates, it should be governed like any other non-human identity. That means short-lived privileges, explicit scope, and clear revocation paths through NHI Lifecycle Management Guide. Teams should also map extension activity to least privilege and monitoring requirements in Top 10 NHI Issues, then validate those controls against NIST SP 800-53 Rev 5 Security and Privacy Controls.

  • Monitor process spawning from the IDE and its extensions.
  • Alert on reads of secrets-bearing paths, env vars, and credential stores.
  • Track unusual network destinations, especially paste sites, webhooks, and unknown APIs.
  • Require allowlisting or policy-based approval for extensions that touch code execution paths.
  • Revoke or quarantine extensions when behaviour changes after update.

These controls tend to break down in developer environments with broad local admin rights and unmanaged side-loaded extensions, because the host itself becomes the blind spot.

Common Variations and Edge Cases

Tighter runtime monitoring often increases friction for developers, requiring organisations to balance faster extension adoption against the operational overhead of alert tuning and approvals. That tradeoff is real, especially in fast-moving teams where plugins are installed daily and updated automatically.

Best practice is evolving for cases where extensions are installed from trusted marketplaces but then request broader runtime access than expected. There is no universal standard for this yet, so teams should treat marketplace reputation as a starting signal, not a control. The risk is higher when the extension runs inside remote dev containers, has access to shared workspace mounts, or can inherit cloud credentials from the local environment. The JetBrains GitHub plugin token exposure case illustrates how extension trust can fail when token handling is not observed at runtime, even if the install experience appears normal.

For organisations with stricter controls, a practical pattern is to pair extension allowlists with telemetry on secret access and process behaviour, then block extensions that request sensitive permissions without a documented business need. That approach aligns with the broader lessons in the Ultimate Guide to NHIs — Key Challenges and Risks, where visibility and rotation failures are recurring drivers of compromise.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10, OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10LLM-05Runtime monitoring catches tool and code actions that static trust misses.
OWASP Non-Human Identity Top 10NHI-06Extensions behave like non-human identities that need visibility and governance.
CSA MAESTROA3MAESTRO addresses monitoring and control of autonomous tool-using software.
NIST AI RMFGOVERNGovernance requires accountability for software that changes behaviour after install.
NIST CSF 2.0DE.CM-8Continuous monitoring is needed to detect malicious or unexpected extension activity.

Treat each extension as an identity, constrain its permissions, and monitor its activity continuously.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org