Listen to this Post

The Visual Studio Code (VS Code) ecosystem has become a central hub for developers worldwide, offering a rich library of extensions to enhance coding productivity. But a recent investigation has exposed a hidden threat lurking within these extensions: thousands of sensitive secrets unintentionally leaked by extension publishers. These exposures not only jeopardize the security of individual organizations but also pose a wider risk to the global software supply chain, revealing the fragile underbelly of modern development tools.
the Investigation
Security researchers at Wiz uncovered a troubling trend: over 550 unique secrets were found scattered across VS Code marketplaces, including both Microsoft’s official platform and the open-source Open VSX Registry. Principal researcher Rami McCarthy noted that the issue came to light while investigating malicious extensions. However, what turned out to be far more alarming was the sheer volume of secrets inadvertently embedded in extension packages.
VS Code extensions are distributed as .vsix files, essentially zipped archives that can be easily unpacked and inspected. Many publishers, whether through oversight or misunderstanding, included sensitive data such as access tokens, API keys, and configuration secrets in these publicly accessible packages. Among the most critical findings were Azure DevOps Personal Access Tokens (PATs) and Open VSX access tokens, which could allow attackers to push malicious updates or hijack the extensions for widespread supply chain attacks. Over 130 such tokens were discovered, some belonging to major corporations or AI providers like OpenAI, Google Gemini, Anthropic, XAI, DeepSeek, HuggingFace, and Perplexity.
Leaked secrets were not limited to access tokens. Researchers also identified credentials for databases such as MongoDB, Postgres, and Supabase, as well as high-risk platform secrets for AWS, GitHub, Stripe, Auth0, and Google Cloud Platform. Some internal company extensions, intended for private use, were inadvertently published publicly, providing a direct vector for targeted attacks. In one striking case, a leaked PAT could have allowed an attacker to distribute malware to the employees of a $30 billion Chinese corporation.
Microsoft responded by revoking all compromised PATs, implementing new security tools for extension publishers, and scanning all existing marketplace extensions for exposed secrets. Open VSX Registry also updated its token system, although it remains unclear if full remediation has been completed. Security experts recommend careful vetting of extensions, using allow lists, and maintaining an inventory of installed extensions to mitigate risks.
What Undercode Say:
The Wiz report underscores a systemic vulnerability in modern software ecosystems. Extensions, while enhancing productivity, are essentially third-party code repositories integrated directly into developers’ IDEs. This makes them a critical node in the software supply chain. Unlike traditional software vulnerabilities, leaked secrets are passive threats—they don’t need to exploit bugs; they merely need to be discovered and misused. This creates a scenario where even low-download or internal-use extensions can become a vector for high-impact attacks if sensitive tokens or API keys are included.
The sheer scale of the leak—550 validated secrets—reveals a broader problem: organizations are struggling to manage secrets securely. The convenience of including hardcoded credentials in extensions or configuration files often outweighs security best practices, and developers are frequently unaware that .vsix packages are publicly accessible. This reflects a cultural and technical gap in developer security awareness that is unlikely to be fixed solely by automated scanning tools.
The targeting of AI-related extensions is particularly noteworthy. With AI APIs gaining central importance across enterprises, the exposure of API keys from providers like OpenAI or HuggingFace represents not just financial risk, but potential competitive intelligence leaks. Malicious actors could manipulate AI-powered applications, extract sensitive information, or deploy malicious code in AI environments, multiplying the damage potential far beyond a conventional token leak.
Microsoft’s response—revoking tokens, scanning extensions, and offering pre-publication scanning tools—is a necessary corrective, but it highlights a reactive rather than proactive security posture. Open-source platforms like Open VSX face an even greater challenge due to less stringent review processes. Without stricter controls and mandatory scanning for secrets before publishing, these platforms remain high-risk targets for supply chain attacks.
Organizations must rethink their approach to IDE security. Limiting extensions, implementing allow lists, performing inventory audits, and verifying publisher reputation are immediate steps, but long-term solutions require a cultural shift. Developers need training to understand the lifecycle of sensitive data, and security policies should integrate checks into the CI/CD pipeline to catch accidental exposure before code reaches public marketplaces.
Furthermore, the broader software ecosystem must recognize that supply chain security is only as strong as its weakest link. Small mistakes, such as publishing an internal extension with a PAT or API key, can cascade into multi-billion-dollar consequences. For high-value enterprises and AI-integrated platforms, this is no longer theoretical—it’s a pressing operational risk that demands proactive attention.
Finally, the Wiz findings reveal a cautionary tale: automation alone cannot replace human vigilance. Security teams must combine tooling with cultural awareness and enforce a security-first mindset among developers. Only then can the risks of public extension marketplaces be meaningfully mitigated.
Fact Checker Results:
✅ Over 550 unique secrets were discovered across VS Code marketplaces.
✅ Microsoft has revoked all exposed PATs and implemented new security scanning tools.
❌ Eclipse Foundation has not publicly confirmed full remediation of Open VSX Registry leaks.
Prediction:
📊 Supply chain attacks via extension marketplaces will increase unless stricter publishing controls are enforced.
📊 AI-related extension leaks could become prime targets for credential theft and malicious manipulation.
📊 Organizations will likely adopt allow lists, automated secret scanning, and tighter internal policies to secure IDE ecosystems over the next 12–18 months.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: www.darkreading.com
Extra Source Hub (Possible Sources for article):
https://www.reddit.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon




