AI Told the Lambs to Eat Fake Grain and They Almost Did (Again)
Oh good. Another supply chain attack vector. Just what I needed at 3am while I'm babysitting a SIEM that keeps alerting on its own heartbeat.
So here's what happened. Some of the VS Code forks, the ones with AI assistants baked in because apparently we can't just write code anymore, started recommending extensions that didn't actually exist yet in the Open VSX registry. Nobody had claimed those extension names. Nobody. They were just sitting there. Empty. Unclaimed. Like a bag of grain in the middle of a field with absolutely no wolf nearby, I'm sure.
You can already see where this is going.
The Wolves figured it out. If the AI is going to confidently recommend "install this extension, it's great, trust me," and the extension slot is vacant, you just... upload your own parasite-stuffed package under that name. Boom. Developer machines start scratching. Ticks everywhere. And the Lambs just double-clicked their way into it because an AI said it was fine.
This is called a dependency confusion variant, or in this case more of an "AI hallucination to supply chain compromise" pipeline, which is a sentence I genuinely did not have on my 2025 bingo card but here we are.
The really fun part is that Open VSX is the extension registry used by these VS Code forks precisely because they can't use the official Microsoft marketplace. So the Flock is already in a slightly less-fenced pasture, and now the AI is pointing at holes in the fence and saying "oh that looks promising, check that out."
The Shepherds, naturally, have not issued a memo. I checked. There is no memo. There is a Slack message from Karen asking why her laptop is slow.
It's fine. Everything is fine.
Remediation
Look, I'm tired, so I'll be brief.
Verify before you install. If your AI coding assistant recommends an extension, look it up manually in the registry before you click anything. Check the publisher. Check the download count. Check the publish date. If it went live yesterday and has 11 downloads, that's a tick.
Lock your dependencies. Pin extension versions in your dev environment configs. Treat your toolchain like the Electric Fence it should be, not a suggestion.
Audit your dev machines. Yes, all of them. Yes, including the one the intern uses. Especially that one.
Tell the Flock. Your developers are Lambs. They will click. Brief them anyway.
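The "verify before you install" step above, as an added example that is not part of the original post: a pre-install check that looks up an AI-recommended extension id and applies the publish-date, download-count and publisher checks. It is modelled on the Open VSX metadata endpoint (GET /api/{namespace}/{name}), but the registry responses here are constructed samples, the field names are assumptions, and the thresholds are placeholders to tune.

```python
"""Pre-install triage for an extension id an AI assistant recommended.
Constructed registry data stands in for the Open VSX lookup; field
names mirror that endpoint but are assumptions, not a contract."""
import json
from datetime import datetime, timezone

# Fixed "now" so the verdicts below are reproducible.
NOW = datetime(2026, 1, 20, tzinfo=timezone.utc)

# Constructed sample registry: extension id -> JSON body. An id that is
# missing here plays the role of a 404 from the real registry.
FAKE_REGISTRY = {
    "trusted-pub.well-known-lint": json.dumps({
        "namespace": "trusted-pub", "name": "well-known-lint",
        "version": "3.2.1", "downloadCount": 480000,
        "timestamp": "2024-03-10T09:12:00Z",
    }),
    "newguy.ai-suggested-helper": json.dumps({
        "namespace": "newguy", "name": "ai-suggested-helper",
        "version": "0.0.1", "downloadCount": 11,
        "timestamp": "2026-01-19T03:00:00Z",
    }),
}

def fetch_metadata(ext_id):
    """Stand-in for the HTTP GET; returns parsed JSON, or None on 404."""
    body = FAKE_REGISTRY.get(ext_id)
    return json.loads(body) if body else None

def assess(ext_id, now=NOW, min_downloads=1000, min_age_days=30):
    """Classify an id as 'unclaimed', 'suspicious' or 'ok' with reasons."""
    meta = fetch_metadata(ext_id)
    if meta is None:
        # The case from the post: the assistant named an unregistered
        # extension. Never install it; report the name to the team.
        return "unclaimed", ["name not registered; do not install"]
    reasons = []
    published = datetime.fromisoformat(meta["timestamp"].replace("Z", "+00:00"))
    age_days = (now - published).days
    if age_days < min_age_days:
        reasons.append(f"published {age_days} day(s) ago")
    if meta["downloadCount"] < min_downloads:
        reasons.append(f"only {meta['downloadCount']} downloads")
    if meta["namespace"] != ext_id.split(".", 1)[0]:
        reasons.append("namespace does not match requested publisher")
    return ("suspicious" if reasons else "ok"), reasons
```

Swap `fetch_metadata` for a real request against the registry and feed it the ids your assistant suggests; anything that comes back "unclaimed" is the hole in the fence, not a missing feature.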
Going back to staring at logs until my eyes stop working, same as every Tuesday.
Original Report: https://thehackernews.com/2026/01/vs-code-forks-recommend-missing.html