Skip to content

// #developer-tools

3 articles

← All tags
💻 AppSec

VS Code Adds Two-Hour Extension Auto-Update Delay to Reduce Supply Chain Attack Window

Microsoft has released VS Code 1.101 with a configurable two-hour delay on automatic extension updates. The change is a direct response to supply chain attacks in which malicious updates were pushed to popular extensions, executing on developer machines within minutes of publication. The delay gives security teams a detection window before malicious updates execute across the developer fleet.

#vscode +7
💻 AppSec

AI Coding Agents in CI/CD Pipelines: Mapping the Attack Surface After Pwn2Own AI Category Results

The Pwn2Own Berlin 2026 AI category results — five products exploited — have a compounding implication for organisations where AI coding agents are integrated with CI/CD pipelines, code repositories, and cloud deployment infrastructure. An exploited AI agent running in a pipeline is not a developer workstation compromise; it is a supply chain entry point.

#ai-security +6
💻 AppSec

AI Coding Environments Join Pwn2Own Target List: LM Studio and OpenAI Codex Exploited via Sandbox Escapes

Pwn2Own Berlin 2026 introduced an AI products category and saw both LM Studio and OpenAI Codex exploited on the same day through sandbox escapes and environment variable injection. The results raise urgent questions about the security of AI development tools running inside enterprise environments with access to code repositories, credentials, and production pipelines.

#ai-security +6

Commentary tagged #developer-tools

Opinion

AI at Pwn2Own Is an Admission: These Tools Were Never Secure

The addition of an AI products category at Pwn2Own Berlin 2026 — and its immediate success with five exploits across three vendors — is not evidence that AI tools are newly insecure. It is evidence that the security industry has finally started looking. The results are a lagging indicator of what has been deployed in enterprise environments for the past two years.

CipherWatch Editorial

Security Intelligence Platform
Opinion

Attackers Discovered That Developer Tools Make Better C2 Infrastructure Than Their Own Servers

KidsProtect's use of VS Code Remote Tunnels and Discord webhooks for command-and-control is not a stalkerware quirk — it is the latest example of a systematic shift toward legitimate cloud services as attack infrastructure. When defenders cannot block VS Code tunnels without breaking developer workflows, the standard network-layer controls that security architecture depends on stop working.

CipherWatch Editorial

Security Intelligence Platform