Security grew a Detection & Response category for every layer it learned to defend. The plugins and AI agents your developers run are the newest layer — high-privilege, fast-growing, and unmonitored. AIDR is the category for it: detect the risk in every plugin, skill, and MCP server, and respond before it runs.
EDR watches processes and binaries on the host. It does not inventory the plugins running inside your developers' tools, or score their permissions.
NDR watches traffic and lateral movement. It is blind to what a local IDE extension or MCP server does with the access it already has on the endpoint.
XDR correlates signals across endpoint, network, identity, and cloud. The plugin and AI-agent layer simply isn't one of its telemetry sources.
AIDR is detection & response for the AI-agent and plugin execution layer — the skills, MCP servers, and extensions that agents and developers run with full privilege. This is the layer PluginSec defends.
The surface didn't exist at scale a few years ago. Now it's everywhere — and nothing in your stack was built to govern it.
Claude, Codex, Gemini, and Antigravity run skills and MCP servers as local processes with tool access — a brand-new, fast-growing, high-privilege surface with almost no review.
Thousands of IDE and browser extensions, plus package-manager tools that execute code on install and on silent update — each one unvetted code running as the developer.
EDR, NDR, and XDR model processes, traffic, and identities — not individual plugins, skills, or MCP servers. The layer is a blind spot, so it needs its own detection and response.
Continuous inventory and dedicated threat intel for the whole plugin layer.
Inventory every IDE extension, browser extension, AI-agent skill, MCP server, and global package install — name, publisher, version, declared permissions, and content hash. Metadata only; source never leaves the device.
Correlate each plugin against our analysis and leading feeds, returning a verdict — clean, suspicious, or malicious — per plugin and per version.
Catch what generic signatures miss: rug-pulls, typosquatting, over-privileged scope creep, MCP tool poisoning, and credential exfiltration. See the threat model and the full coverage list.
Detection without response is just a report. AIDR enforces.
The agent enforces your allowlist — block, quarantine, or warn — so a plugin with a malicious or suspicious verdict is stopped before it executes, not flagged after the fact.
Every allow/deny decision is logged with who, what, and when, and streams to your SIEM — an auditable record for the whole plugin layer.
Your source code and our threat intel each stay on their own side. Endpoints only ever receive a yes / no.
The plugin layer deserves dedicated detection and response — not a footnote bolted onto an endpoint agent.
A verdict only matters if it turns into enforcement before the code runs.
Your source and our intel stay on their own sides; the endpoint gets the answer, never the burden.
IDE, browser, AI-agent, and package-manager plugins in a single inventory and a single allowlist.
Governing your plugin layer should never lock you into one browser, OS, or platform vendor.
PluginSec is enterprise-only and onboarded by invitation. Tell us about your team and we'll set up a demo.