Hunting Malicious IDE Extensions: Building Detection at Scale Across Developer Workstations

Vinod Tiwari

BSidesSF 2026 · Day 2 · AMC Theatre 13

In an era dominated by sophisticated supply chain attacks, developer workstations have emerged as a critical yet often overlooked weak point. Vinod Tiwari's talk, "Hunting Malicious IDE Extensions: Building Detection at Scale Across Developer Workstations," examines the pervasive and dangerous threat posed by malicious Integrated Development Environment (IDE) extensions. He highlights how these seemingly innocuous tools, designed to enhance developer productivity, can become potent vectors for data exfiltration, secret theft, and even remote code execution, particularly in high-value environments like Web3 development.

AI review

Tiwari identifies a genuinely under-monitored attack surface and brings real organizational data to back it up — 556 extensions across 30 hosts is a concrete finding, not a hypothetical. The solution is pragmatic and reproducible, but it's fundamentally a 'use Jamf + bash + a Slack webhook' talk, which caps its ceiling hard.
