MaliciousCorgi: AI Extensions send your code to China
by tatersolid on 2/2/2026, 12:59:58 PM
Comments
by: mat_epice
Sure, AI tools can do this. However, VS Code is the platform. Why aren't more people worried about running arbitrary VS Code extension that can do the same thing, AI or not?
2/2/2026, 1:31:31 PM
by: jszymborski
Between this and the notepad++ thing... I got to start running programmes with firejail or something.
2/2/2026, 2:41:00 PM
by: bestouff
Well, AI already sends your code to US so ...
2/2/2026, 1:11:51 PM
by: darepublic
It's hard for me to fathom that there are capable devs who would pollute their ide with this crap in the first place, malicious or not
2/2/2026, 1:54:21 PM
by: apt-apt-apt-apt
This seems expected, when you install free, random software, especially from sources known for surveillance/malware/crime.
2/2/2026, 1:45:19 PM
by: SanjayMehta
> Not just what you're actively working on. Every file you glance at. Every character you type. Captured and transmitted.<p>Even this reads like an AI extension wrote it.
2/2/2026, 2:33:17 PM
by: DeepSeaTortoise
I'm honestly surprised this issue in general didn't cause nearly every company to immediately ban all AI.<p>Why do these companies put so much effort into fighting right to repair to avoid IP leaks any halfway serious company could reverse engineer in a week, but on the other hand encourage their employees to vibe all company secrets into the cloud?
2/2/2026, 1:21:25 PM
by: deafpolygon
This is one of the many reasons why I don’t use VS Code, or use any “helpful” AI plugins (or any plugins really).<p>You all can take vim out of my cold dead hands.
2/2/2026, 2:24:15 PM
by: cheevly
[flagged]
2/2/2026, 1:19:54 PM