Blog

Latest insights on extension security, development best practices, and industry news

The Dependency Model Is Dying

AI coding agents are making traditional package management obsolete. The new supply chain risk isn't npm, it's the plugins your AI uses to write code.

April 2, 2026

#supply-chain#dependencies#ai-agents

Why I’m Building Two Products for the Same Problem

RiskyPlugins and PrivateStores are aimed at the same mess from different angles. One is the intelligence layer. The other is the control layer. Keeping that split matters.

March 18, 2026

#supply-chain#private-stores#mcp

Why I Turned RiskyPlugins Into a Hosted MCP Server

I got tired of security tooling living in one tab and AI agents living in another. So I wired RiskyPlugins up as a hosted MCP service with API keys, quotas, audit logs, and billing.

March 18, 2026

#mcp#claude-code#codex

The Extension Supply Chain Problem Nobody Is Solving

Browser and IDE extensions are one of the easiest ways into an enterprise network. The tooling to deal with this barely exists. Here's what we're building and why.

February 17, 2026

#supply-chain#browser-extensions#vscode

Featured

Extension Security Best Practices

Essential security guidelines for developing and maintaining browser extensions

November 7, 2025 Security

#security#extensions#best-practices