I'm honestly surprised this issue in general didn't cause nearly every company to immediately ban all AI.
Why do these companies put so much effort into fighting right to repair to avoid IP leaks any halfway serious company could reverse engineer in a week, but on the other hand encourage their employees to vibe all company secrets into the cloud?
Sure, AI tools can do this. However, VS Code is the platform. Why aren't more people worried about running arbitrary VS Code extension that can do the same thing, AI or not?
I don't really get how VSCode got so popular. You can use a language server perfectly easily with Vim, Emacs, Helix, Sublime, etc. You can customize basically everything in those editors, syntax, etc. You can just alias console commands for all of your build tools with some custom scripts if you need more complex build commands routinely. The git terminal tool works better than any VScode option. And VSCode is slower than all of those.
We already have so many good fast secure polygot customizable text editors. Why run one through Chrome and fill it with extensions for everything that will have arbitrary access to everything?
> We install them without a second thought. They're in the official marketplace. They have thousands of reviews. They work. So we grant them access to our workspaces, our files, our keystrokes - and assume they're only using that access to help us code.
Who is this “we”? I don’t, and don’t know anybody else who does this.
Also, was this article itself written by an AI assistant? If the author is that carefree regarding these extensions, I guess probably.
This is why the architecture of AI tools matters so much. Any extension with full codebase access can exfiltrate - and the same risk exists for AI agents handling credentials or API keys.
We built a password automation tool (thepassword.app) specifically to address this: the AI model orchestrates browser navigation, but actual credential values are injected at the local browser level and never enter the model's context. Even if the model were compromised or prompt-injected, there's nothing sensitive to steal.
The lesson generalizes: for any AI tool touching sensitive data, the safest architecture keeps that data entirely outside the AI's reasoning loop.
13 comments
[ 3.3 ms ] story [ 24.7 ms ] threadWhy do these companies put so much effort into fighting right to repair to avoid IP leaks any halfway serious company could reverse engineer in a week, but on the other hand encourage their employees to vibe all company secrets into the cloud?
You all can take vim out of my cold dead hands.
Even this reads like an AI extension wrote it.
We already have so many good fast secure polygot customizable text editors. Why run one through Chrome and fill it with extensions for everything that will have arbitrary access to everything?
Who is this “we”? I don’t, and don’t know anybody else who does this.
Also, was this article itself written by an AI assistant? If the author is that carefree regarding these extensions, I guess probably.
We built a password automation tool (thepassword.app) specifically to address this: the AI model orchestrates browser navigation, but actual credential values are injected at the local browser level and never enter the model's context. Even if the model were compromised or prompt-injected, there's nothing sensitive to steal.
The lesson generalizes: for any AI tool touching sensitive data, the safest architecture keeps that data entirely outside the AI's reasoning loop.