item 46855527

MaliciousCorgi: AI Extensions send your code to China

91 points | tatersolid | 27 days ago | koi.ai

89 comments


mat_epice|27 days ago

Sure, AI tools can do this. However, VS Code is the platform. Why aren't more people worried about running arbitrary VS Code extensions that can do the same thing, AI or not?

g947o|27 days ago

As a VSCode extension author, I am always terrified by the amount of power I have.

It is a shame that the team never prioritized extension permission issues [0] despite their big boss saying security is the top priority [1]. All they have is "workspace trust" and various other marginally useful security measures.

I don't install a VSCode extension unless it is either official or well known and audited and I have to use it. I keep most of them disabled by default unless I need something for a project. (Even if you don't care about security, it's good for VSCode performance. I'll save that story for another day.)

[0] https://github.com/microsoft/vscode/issues/52116

[1] https://blogs.microsoft.com/blog/2024/05/03/prioritizing-sec...

tormeh|27 days ago

The situation is absolutely insane, but it's also productive; real security would slow everything down a lot. The moment you ask some corporate bureaucrat to put their signature down on a piece of paper saying that such and such dev tool is approved for use, they're going to block everything to avoid the responsibility implied by their approval. I can't really come up with a system that both works and is secure. The only exception is signing up for an integrated environment where Microsoft or Apple provides the OS, compiler, and editor. Oops - Apple doesn't sell servers, so only Microsoft offers this. Hope you like C#.

In theory you can mix and match, but in practice most bureaucrats will insist on single-sourcing.

mentalgear|27 days ago

Same thing for browser extensions: a simple browser extension (e.g. web dark mode) can read all your password fields. It's crazy that there are no proper permission scopes in any major browser! It would have been so easy to make password / email fields exempt from browser extensions unless they ask for the permission.

dirkc|27 days ago

Installing any 3rd party dev dependency without sandboxing should terrify you. These supply chain attacks are not hypothetical.

Trusting other devs to not write malicious code has led to a surprisingly small number of incidents so far, but I don't think this will extrapolate into the future.

With more lines of code being auto-written without deliberate intent or review from an accountable author, things can only get worse!

zukzuk|27 days ago

Yes, exactly. The lack of any sort of permission controls for extensions in VS Code gives me the creeps

larodi|27 days ago

I am (worried) and recently stopped adding extensions by just any random anon. Also I take time to sanitise foreign (to my knowledge) gh repos using Claude code.

ecshafer|27 days ago

I don't really get how VSCode got so popular. You can use a language server perfectly easily with Vim, Emacs, Helix, Sublime, etc. You can customize basically everything in those editors, syntax, etc. You can just alias console commands for all of your build tools with some custom scripts if you need more complex build commands routinely. The git terminal tool works better than any VScode option. And VSCode is slower than all of those.

We already have so many good fast secure polyglot customizable text editors. Why run one through Chrome and fill it with extensions for everything that will have arbitrary access to everything?

kouteiheika|27 days ago

> I don't really get how VSCode got so popular. You can use a language server perfectly easily with Vim, Emacs, Helix, Sublime, etc.

You open it. It just works. And the learning curve is smooth.

Compare this to Vim where, if it's the first time you're opening it, you are forced to kill the process because you don't even know how to quit it, never mind actually do any productive work.

valicord|27 days ago

I'm sure you're being sincere here but this really reads like that famous HN comment about "who needs Dropbox when ftp exists". The reason vscode is popular is not because it does something impossible to do otherwise, but because it does those things out of the box with a friendly UI.

guyomes|27 days ago

> You can use a language server perfectly easily with Vim, Emacs, Helix, Sublime, etc.

By the way, the language server protocol was originally developed for VSCode [1]. The popularity of LSP in other editors might have contributed to advertise VSCode.

[1]: https://en.wikipedia.org/wiki/Language_Server_Protocol

zzzeek|27 days ago

I used Sublime for years and VSCode is vastly better (the breaking straw was how they'd silo off critical bug fixes in new versions that were pay-only, upon finding vscode I felt silly for not switching sooner, it was so much easier to use and more powerful). Still use vim daily but not as a general IDE, memorizing decades of weird character commands and directives is not a great use of my time.

My favorite VSCode feature is the SSH remote working feature. VSCode gives me the full editing / console / Claude environment on my local workstation, where all files, shells, and yes Claude as well run on a company lab machine over the VPN. Props to the collaborative working feature where several people can all share the same VSCode editor session on their individual workstations.

Vim can do the above two things if you run as a terminal app with tmux. Sublime could do it if you shared the editor via X or Waypipe (well not the second feature). But VSCode integrates it directly in the app and it's a much better experience.

mizuki_akiyama|27 days ago

Mostly because installing and setting up VSCode takes one click

qwertytyyuu|27 days ago

Vs code was also arguably prettier than the rest in release

guestbest|27 days ago

I decided to switch after notepad++ got hacked.

darepublic|27 days ago

It's hard for me to fathom that there are capable devs who would pollute their ide with this crap in the first place, malicious or not

jszymborski|27 days ago

Between this and the notepad++ thing... I got to start running programmes with firejail or something.

sweetrabh|27 days ago

This is why the architecture of AI tools matters so much. Any extension with full codebase access can exfiltrate - and the same risk exists for AI agents handling credentials or API keys.

We built a password automation tool (thepassword.app) specifically to address this: the AI model orchestrates browser navigation, but actual credential values are injected at the local browser level and never enter the model's context. Even if the model were compromised or prompt-injected, there's nothing sensitive to steal.

The lesson generalizes: for any AI tool touching sensitive data, the safest architecture keeps that data entirely outside the AI's reasoning loop.

flufluflufluffy|27 days ago

> We install them without a second thought. They're in the official marketplace. They have thousands of reviews. They work. So we grant them access to our workspaces, our files, our keystrokes - and assume they're only using that access to help us code.

Who is this “we”? I don’t, and don’t know anybody else who does this.

Also, was this article itself written by an AI assistant? If the author is that carefree regarding these extensions, I guess probably.

SanjayMehta|27 days ago

> Not just what you're actively working on. Every file you glance at. Every character you type. Captured and transmitted.

Even this reads like an AI extension wrote it.

apt-apt-apt-apt|27 days ago

This seems expected, when you install free, random software, especially from sources known for surveillance/malware/crime.

deafpolygon|27 days ago

This is one of the many reasons why I don’t use VS Code, or use any “helpful” AI plugins (or any plugins really).

You all can take vim out of my cold dead hands.

evilduck|27 days ago

What's stopping a vim plugin from doing similar data exfiltration? Tons of people blindly install LazyVim, Spacevim, or other vim tooling and choose a bunch of similar things.

DeepSeaTortoise|27 days ago

I'm honestly surprised this issue in general didn't cause nearly every company to immediately ban all AI.

Why do these companies put so much effort into fighting right to repair to avoid IP leaks any halfway serious company could reverse engineer in a week, but on the other hand encourage their employees to vibe all company secrets into the cloud?

embedding-shape|27 days ago

It's a bit trite, but the answers are: 1) money 2) money

Can't repair your own stuff and either need to use authorized repair shop or buy new? The company gets more money.

Force your developers to forgo quality in efforts to produce more cruft in less time? The company gets more money.

Of course, only considering short-term, long-term they'll lose money, but at that point all the executives and managers already got their bonuses and probably moved on to doing the same in some other company.

graemep|27 days ago

> Why do these companies put so much effort into fighting right to repair to avoid IP leak

Only if you believe they are truthful about the reason for fighting right to repair. I think the reason for fighting right to repair is to reduce the time before a replacement purchase is required.

> but on the other hand encourage their employees to vibe all company secrets into the cloud?

Lots of companies do ban or restrict usage of LLMs etc.

direwolf20|27 days ago

Companies aren't interested in hypotheticals, nobody is paid to care, and most code isn't that valuable anyway.

pixl97|27 days ago

Most large companies have their CI/CD behind a proxy with an allow list and require internal approval for tools and extensions. So there is that.

wxre|27 days ago

Uhh a lot of companies did and are strict on what AI tools are allowed.

The main thing I had to wait on for a long time was support for preventing 3rd party code from being plagiarized since our code base was intermingled with partnered companies.

bestouff|27 days ago

Well, AI already sends your code to US so ...

october8140|27 days ago

Most AI only sends a limited context. These are sending all files they can access as well as all edits.

raverbashing|27 days ago

Yes because there's no difference between a voluntary service with limited context needs and a malicious extension

y-curious|27 days ago

“I donate money to animal shelters”

“Oh that’s cool, I already donate to my local neo nazi group. We are both philanthropists!”

Nothing makes me go from apolitical to a red blooded American faster than seeing someone make a stupid false equivalency about the US on this forum