Links
This article discusses the security risks associated with trust-based models in popular IDEs like VS Code and Cursor, highlighting vulnerabilities that can be exploited by malicious extensions. It introduces IDE-SHEPHERD, an open-source extension that monitors and blocks harmful operations in real-time, offering a more granular trust model and enhanced protections for developers.
OX Security's research reveals critical flaws in the verification processes of popular IDEs like Visual Studio Code, Visual Studio, and IntelliJ IDEA, allowing malicious extensions to appear verified. These vulnerabilities can lead to arbitrary code execution on developers' machines, underscoring the need for improved security measures in extension signing and installation practices.