AIDR · Plugin Supply-Chain Security

Every plugin your developers run is unvetted code with full access.

IDE extensions, browser extensions, and AI-agent MCP servers execute with your developers' privileges — reading source, secrets, and traffic. PluginSec is the lightweight agent that inventories every plugin across your fleet, flags the malicious ones with our threat intel, and enforces an allowlist before they run.

// one agent · IDE + browser + AI-agent · intel stays with us, you get the verdict

The blind spot

EDR sees your binaries. SCA sees your dependencies. Nothing sees your plugins.

Developers and AI agents install thousands of third-party plugins that run with high privilege on the endpoint — and your security team has zero visibility into them.

IDE extensions

Full filesystem and shell access on activation. They read your source and secrets, and can run arbitrary code on install or silent update.

VS Code · OpenVSX · JetBrains · Cursor

Browser extensions

Read and modify all web traffic, steal session cookies and tokens, and inject scripts into every page your team visits.

Chrome · Edge · Firefox · Safari

AI-agent skills & MCP

The newest and least-monitored surface. MCP servers run as local processes with tool access — wide open to prompt injection, tool poisoning, and rug-pulls.

Claude · Codex · Gemini · Antigravity

Threats we stop

A threat model built for the plugin era.

We track the attack techniques that target the plugin layer specifically — not generic malware signatures.

01

Malicious publishers & crypto-stealers

Plugins shipped to steal wallets, keys, and credentials from the moment they activate.

02

Rug-pulls

A trusted plugin silently auto-updates to a malicious version. We detect the drift.

03

Typosquatting & impersonation

Look-alike names and spoofed publishers that trick developers into installing the wrong thing.

04

Over-privileged permissions

Scope creep — a formatter that suddenly wants network, filesystem, and shell access.

05

MCP tool poisoning & prompt injection

Malicious MCP tool descriptions and payloads that hijack your AI agents.

06

Credential & token exfiltration

Plugins that quietly ship secrets, cookies, and source to attacker-controlled endpoints.

07

Unknown / unvetted MCP servers

Shadow MCP configs added to agents with no review. We surface every one.

How it works

Deploy one agent. Get verdicts and an enforced allowlist.

The intel does the hard work in our cloud. Your endpoints only ever get a yes / no.

STEP 01

Deploy the agent

A lightweight sensor on every developer endpoint — macOS, Windows, Linux. Minutes to roll out via your MDM.

STEP 02

Build the Plugin SBOM

It continuously inventories every IDE extension, browser extension, skill, and MCP server — name, publisher, version, permissions, hash. Metadata only; source never leaves the device.

STEP 03

Verdict & enforce

We correlate each plugin against our threat intel and return a verdict. The agent enforces your allowlist — block, quarantine, or warn — before risky plugins run.

The console

Your entire plugin attack surface, in one place.

Fleet inventory, allowlist decisions, and detections across IDEs, browsers, and AI agents — for the whole org.

Why PluginSec

Not a repurposed EDR. Built for the plugin and AI-agent era.

MCP-native

Understands skills and MCP servers as first-class assets — not an afterthought bolted onto an endpoint agent.

One agent, every plugin class

IDE, browser, and AI-agent plugins in a single inventory and a single allowlist.

Intel you don't have to run

We correlate every plugin SBOM against our own analysis and leading feeds. You get the verdict — never the burden of running intel.

Enforcement, not just visibility

The allowlist is enforced on the endpoint. Risky plugins are blocked or quarantined before they execute.

Privacy-respecting by design

Metadata and SBOM only. Your source code never leaves the device, and our intel never leaves our side.

Built for security teams

RBAC, SIEM integration, and an audit trail on every allow/deny decision.

Coverage

Every place your developers install code.

VS Code Marketplace · OpenVSX · JetBrains Marketplace · Cursor · Chrome Web Store · Edge Add-ons · Firefox AMO · Safari Extensions · Claude / Claude Code · Codex · Gemini · Antigravity · MCP servers & skills

Request access

Bring the plugin layer under control.

PluginSec is enterprise-only and onboarded by invitation. Tell us about your team and we'll set up a demo on your fleet.

// no individual tier · SSO & on-prem available