Blog

Latest insights on extension security, development best practices, and industry news

Inside Flash Player 2026: A Remote-Controlled Injection Network with 860K Users

A Flash emulator extension on Chrome and Edge shipped a server-controlled injection framework with potential reach across 860,000+ users. The emulator actually worked. That was the point.

#malware #browser-extensions #supply-chain

The Dependency Model Is Dying

AI coding agents are making traditional package management obsolete. The new supply chain risk isn't npm, it's the plugins your AI uses to write code.

#supply-chain #dependencies #ai-agents

Why I’m Building Two Products for the Same Problem

RiskyPlugins and PrivateStores are aimed at the same mess from different angles. One is the intelligence layer. The other is the control layer. Keeping that split matters.

#supply-chain #private-stores #mcp

Why I Turned RiskyPlugins Into a Hosted MCP Server

I got tired of security tooling living in one tab and AI agents living in another. So I wired RiskyPlugins up as a hosted MCP service with API keys, quotas, audit logs, and billing.

#mcp #claude-code #codex

The Extension Supply Chain Problem Nobody Is Solving

Browser and IDE extensions are one of the easiest ways into an enterprise network. The tooling to deal with this barely exists. Here's what we're building and why.

#supply-chain #browser-extensions #vscode

Featured

Extension Security Best Practices

Essential security guidelines for developing and maintaining browser extensions

Security
#security #extensions #best-practices