AI IDE supply chain

Security considerations for AI-powered VSCode forks, extension trust, and developer workstation hardening.

VSCode fork extension attack: hijacked recommendations

Jan 6, 2026

—

by

Peter Chofield

in Cyber News & Updates

AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.