Saved February 14, 2026
Do you care about this?
AI-driven IDEs like Cursor and Google Antigravity recommend extensions that may not exist in the OpenVSX registry. This gap allows malicious actors to claim unregistered namespaces and potentially distribute malware. Researchers have reported the issue and taken steps to prevent exploitation.
If you do, here's more
AI-powered IDEs like Cursor, Windsurf, Google Antigravity, and Trae are exposing users to security risks by recommending extensions that don’t exist in the OpenVSX registry. Since these IDEs are forks of Microsoft VSCode and can't access the official extension store due to licensing issues, they rely on OpenVSX for extensions. However, they inherit hardcoded recommendations from Microsoft’s Visual Studio Marketplace, which can lead users to unverified extensions.
Researchers at Koi pointed out that malicious actors could exploit this gap by claiming the unregistered namespaces of the nonexistent recommended extensions and using them to distribute malware. They identified several high-profile namespaces that could be targeted, including ms-ossdata.vscode-postgresql and ms-azure-devops.azure-pipelines. After Koi reported the issue to the affected companies in late November 2025, Cursor quickly fixed the vulnerability by December 1. Google removed 13 problematic recommendations by late December and marked the issue as resolved by January 1, while Windsurf has yet to respond.
In a preventive move, Koi claimed the unregistered namespaces and uploaded placeholder extensions that serve no functional purpose but prevent potential supply-chain attacks. They also coordinated with the Eclipse Foundation, which oversees OpenVSX, to enhance registry security by verifying namespaces and removing unauthorized contributors. As of now, there’s no evidence that these vulnerabilities were exploited before Koi's intervention. Users of these forked IDEs are advised to manually check extension recommendations against the OpenVSX registry to ensure they come from trustworthy publishers.
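The manual check advised above can be scripted. The following is an added example, not code from Koi or any of the IDE vendors. It assumes the OpenVSX REST endpoint `https://open-vsx.org/api/{namespace}/{extension}` answers HTTP 404 for an unpublished ID and includes a boolean `verified` field in its metadata; the extension IDs and registry snapshot are hypothetical, constructed values.

```python
import json
import urllib.error
import urllib.request

OPENVSX_API = "https://open-vsx.org/api"  # assumed public API base URL

def fetch_openvsx(namespace, name, timeout=10):
    """Live lookup: extension metadata from OpenVSX, or None on HTTP 404."""
    url = f"{OPENVSX_API}/{namespace}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def audit_recommendations(recommended, lookup=fetch_openvsx):
    """Classify each 'namespace.name' recommendation against the registry."""
    findings = {}
    for ext_id in recommended:
        namespace, _, name = ext_id.partition(".")
        if not namespace or not name:
            findings[ext_id] = "malformed"
            continue
        meta = lookup(namespace, name)
        if meta is None:
            # Nothing is published under this ID, so whoever registers it
            # first would receive the IDE's install prompt.
            findings[ext_id] = "missing"
        elif not meta.get("verified", False):
            # Published, but the namespace owner has not been verified.
            findings[ext_id] = "unverified-namespace"
        else:
            findings[ext_id] = "ok"
    return findings

# Constructed registry snapshot for offline use (hypothetical IDs, not live data).
SAMPLE_REGISTRY = {
    ("example-corp", "linter"): {"name": "linter", "verified": True},
    ("some-user", "db-tools"): {"name": "db-tools", "verified": False},
}

def sample_lookup(namespace, name):
    return SAMPLE_REGISTRY.get((namespace, name))

if __name__ == "__main__":
    ids = ["example-corp.linter", "some-user.db-tools", "example-corp.pipelines", "broken"]
    for ext_id, status in audit_recommendations(ids, sample_lookup).items():
        print(f"{status:22} {ext_id}")
```

Calling `audit_recommendations` without the `lookup` argument queries the live registry. Entries reported as `missing` or `unverified-namespace` are the ones to review by hand before installing.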