🛡️ AI Coding Agent Security
Coding Agent Defense
Detect, vet, and block malicious AI coding-assistant plugins and browser extensions — before they exfiltrate your developers' API keys. RuntimeAI goes beyond inventory: it scans plugin code for credential theft, blocks the exfil at egress, and contains it with kill-switch + tamper-proof audit.
Plugins Vetted: VS Code · Cursor · JetBrains
Kill-Switch Containment: <100ms
Not Just Inventory: Detect · Vet · Block
Enforced IDE Egress: Fail-Closed
Discover → Vet → Block → Contain → Prove
Most security teams have zero inventory of what AI plugins their developers installed. RuntimeAI sees them, scans them for malice, blocks the exfil, and contains it — end to end.
| Stage | What most tools do | What RuntimeAI does |
| --- | --- | --- |
| Discover | Nothing; shadow AI is invisible | Inventory every VS Code / Cursor / JetBrains plugin, MCP connection and AI browser extension |
| Vet | Trust the marketplace listing | Static + behavioral scan for credential exfil, hardcoded endpoints, obfuscation; IOC match (STIX/TAXII) |
| Block | Observe, alert later | Enforced IDE egress (fail-closed) blocks plaintext key exfil to non-allowlisted hosts |
| Contain | Manual incident response | Auto kill-switch the agent identity, revoke vaulted tokens, push MDM/EDR quarantine |
| Prove | Stitch logs after the fact | Tamper-proof, PQ-signed Merkle audit of every verdict and action |
What It Does
The capabilities that turn AI Discovery from "we see the plugin" into "we caught the malicious one and stopped it."
Malicious-code scanner
Static + behavioral analysis of plugin source: cleartext secret exfil, a credential read followed by an outbound call, hardcoded IPs, obfuscation. Host-agnostic: JS (VS Code/Cursor), JVM (JetBrains), Python agents.
IOC / threat-intel matching
Match plugin indicators against STIX/TAXII feeds + an offline bundle for air-gap — seeded with known campaign indicators.
Browser-extension monitoring
Flags extensions whose content scripts target AI chat domains (ChatGPT, Claude, Gemini, Copilot) — the conversation-scraping shape.
Enforced IDE egress
Route developer AI traffic through the AI Firewall; cleartext credential exfil to non-allowlisted destinations is blocked, fail-closed. Ships in monitor-only mode and can be flipped to enforce.
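The egress decision described above, as an added Python example that is not RuntimeAI's firewall: one outbound request is inspected for API-key-shaped strings in cleartext (headers and body visible at the egress point), the destination is checked against an allowlist, and the result depends on monitor versus enforce mode. Any state in which the policy cannot be evaluated fails closed. The key shapes, the allowlist and the sample requests are assumptions constructed for illustration.

```python
"""Egress policy for developer AI traffic. Added example, not RuntimeAI's code."""
import re
from dataclasses import dataclass, field

# Assumed key shapes, modelled on public prefix conventions; not an exhaustive set.
SECRET_SHAPES = {
    "openai": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_\-]{20,}"),
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_\-]{20,}"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Assumed allowlist of provider hosts a developer key may be sent to.
PROVIDER_ALLOWLIST = frozenset({"api.openai.com", "api.anthropic.com", "api.deepseek.com"})


@dataclass
class Request:
    host: str
    path: str = "/"
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Policy:
    allowlist: frozenset
    mode: str = "monitor"      # "monitor": pass and alert; "enforce": block


@dataclass
class Decision:
    action: str                # "allow" | "alert" | "block"
    reason: str
    secret_types: list


def find_secrets(text):
    return sorted(name for name, rx in SECRET_SHAPES.items() if rx.search(text))


def host_allowed(host, allowlist):
    # Exact or parent-domain match only; "api.openai.com.evil.example" must not pass.
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowlist)


def evaluate(policy, req):
    # Fail closed: with no usable policy or no identifiable destination the
    # only safe answer is to block, in either mode.
    if policy is None or not policy.allowlist:
        return Decision("block", "fail-closed: no allowlist loaded", [])
    if not req.host:
        return Decision("block", "fail-closed: destination host missing", [])
    # Only cleartext visible at the egress point is inspected: header values and body.
    visible = "\n".join(str(v) for v in req.headers.values()) + "\n" + req.body
    secrets = find_secrets(visible)
    if not secrets:
        return Decision("allow", "no credential material in request", [])
    if host_allowed(req.host, policy.allowlist):
        return Decision("allow", f"credential sent to allowlisted provider {req.host}", secrets)
    if policy.mode == "enforce":
        return Decision("block", f"credential exfil to non-allowlisted host {req.host}", secrets)
    return Decision("alert", f"monitor-only: would block exfil to {req.host}", secrets)


# Constructed samples; FAKE_KEY is not a real credential, 203.0.113.7 is TEST-NET-3.
FAKE_KEY = "sk-proj-EXAMPLEEXAMPLEEXAMPLE0000000000"
LEGIT = Request("api.openai.com", "/v1/chat/completions",
                {"Authorization": "Bearer " + FAKE_KEY}, '{"model": "gpt-4o"}')
EXFIL = Request("203.0.113.7", "/collect",
                {"Content-Type": "application/json"}, '{"openai": "%s"}' % FAKE_KEY)

if __name__ == "__main__":
    for mode in ("monitor", "enforce"):
        pol = Policy(PROVIDER_ALLOWLIST, mode)
        for name, req in (("legit", LEGIT), ("exfil", EXFIL)):
            d = evaluate(pol, req)
            print(f"{mode:8} {name:6} {d.action:6} {d.secret_types} {d.reason}")
    print("no policy:", evaluate(None, LEGIT).action)
```

The monitor-to-enforce rollout the page mentions is a one-field change in `Policy`; the decisions logged while in monitor mode tell you which hosts would have been blocked, which is what you want to review before flipping. Note that a request with no key-shaped content passes regardless of host: this policy is scoped to cleartext credential exfil, not general egress filtering.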
Auto-response & containment
On a confirmed-malicious verdict: kill-switch the agent identity, revoke its vaulted tokens, quarantine via MDM/EDR (Intune/Jamf/CrowdStrike), alert + SIEM export.
Make the prize worthless
With the Secure LLM Router + QuantumVault/PQ TokenVault, developers never hold raw provider keys — a stolen credential is short-lived, scoped, revocable, and audited.
Why this matters now. In June 2026, 15 malicious JetBrains Marketplace plugins impersonating DeepSeek and CodeGPT stole developers' OpenAI / DeepSeek API keys, exfiltrated them in plaintext to an attacker server, and the keys were then resold with the usage billed to the victims. Parallel "PromptSnatcher" browser extensions with 100,000+ installs recorded ChatGPT and Claude conversations. The breach wasn't the plugin; it was the long-lived key sitting in an untrusted tool.
Honest Scope
We tell every customer exactly where the line is.
What we do
Detect the rogue plugin/extension, vet its code, block its exfil channel, neutralize the stolen credential, and contain + audit — across VS Code, Cursor, and JetBrains.
Where we integrate, not reinvent
We don't block the OS-level install; that's your MDM/EDR. We push the malicious verdict to Intune / Jamf / CrowdStrike to quarantine at the endpoint. We ingest standard threat feeds; we don't run a TI research shop.
Coverage & Compatibility
The hosts, channels, and tooling Coding Agent Defense works across.
VS Code
Cursor
JetBrains
Chrome / Firefox extensions
MCP servers
STIX / TAXII feeds
Intune
Jamf
CrowdStrike
SIEM / SOAR
Kubernetes
Air-gap
See the malicious plugin before it sees your keys.
Detect, vet, block, and contain malicious AI coding plugins and extensions — across every IDE your developers use.