AI-powered coding tools like Cursor and Trae are vulnerable to supply chain attacks because they recommend extensions that do not exist on the Open VSX registry.
The Open VSX namespace sqauting attack vector is clever because it exploits trust in IDE recommendations. What's scary is how this combines with infostealer logs to create a complete supply chain breach. The fact that a placeholder extension got hundreds of installs shows developers treat IDE suggestions as curated when they're really just inherited recommendation lists. MFA should be table stakes but the namespace verification gap is the real problem here.
The Open VSX namespace sqauting attack vector is clever because it exploits trust in IDE recommendations. What's scary is how this combines with infostealer logs to create a complete supply chain breach. The fact that a placeholder extension got hundreds of installs shows developers treat IDE suggestions as curated when they're really just inherited recommendation lists. MFA should be table stakes but the namespace verification gap is the real problem here.