
The Nx Console attack lasted 11 minutes. A poisoned VS Code extension with 2.2 million installs harvested GitHub, AWS, HashiCorp Vault, and Kubernetes credentials from any developer who opened a workspace — and specifically targeted Claude Code config files. Nobody’s npm scanner caught it, because it wasn’t an npm package. It was an editor extension. Socket just closed $60 million in Series C funding and acquired extension security startup Secure Annex specifically because that distinction no longer matters.
The Funding and What It Signals
Socket’s Series C was led by Thrive Capital, with participation from Andreessen Horowitz and Capital One Ventures, valuing the company at $1 billion. The round brings total funding to $125 million. At 300% year-over-year revenue growth and 27,000 organizations protected — including Anthropic, Cursor, Figma, and Vercel — the company has clear product-market fit. The signal isn’t the number. It’s where the money goes.
Socket’s post-Series C roadmap targets VS Code Marketplace scanning, browser extension coverage, MCP servers, and AI skills marketplaces. That list is a map of every attack vector that emerged after 2022, when the industry drew a defensive perimeter around package managers and called it done.
What Socket Bought with Secure Annex
Socket acquired Secure Annex on April 28, 2026. Founder John Tuckner built the company in November 2024 after discovering multiple malicious VS Code extensions — including what he called “ransomvibing,” AI-generated extensions with ransomware capabilities uploaded to Microsoft’s official marketplace. He brought detection heuristics that understand extension-specific behaviors: activation patterns, privileged capability declarations, and obfuscated payloads that trigger only when a workspace opens.
Reddit, Brave, Torq, and Movable Ink were Secure Annex customers before Socket acquired it. Tuckner is joining Socket. This wasn’t a talent acqui-hire — it was a capability acquisition for a gap Socket couldn’t close with its existing npm-focused engine.
The Actual Attack Surface in 2026
Here is what lives in a developer’s environment, runs code with elevated access, and receives almost no security vetting:
- npm/PyPI/cargo packages — Socket covers these
- GitHub Actions — Socket covers these
- VS Code extensions — Secure Annex covers these, rolling into Socket
- Browser extensions — Secure Annex covers these
- MCP servers — Socket has named these as a target; no major tool covers them yet
- AI skills marketplaces — on Socket’s roadmap
The Nx Console attack started as a TanStack npm credential compromise, escalated to a stolen Nx contributor GitHub token, and ended as a VS Code extension that exfiltrated credentials from 3,800 GitHub internal repositories. Each layer fed the next. npm-level defense stopped nothing after the first pivot.
MCP Servers: The Unguarded Layer
MCP servers have ambient authority over your AI agent’s context. They run tool calls, access file systems, make API requests, and write to databases — all based on tool descriptions that the model reads and trusts. A malicious MCP server can embed instructions in those descriptions that redirect the agent’s behavior invisibly.
OX Security poisoned nine of eleven public MCP registries in a proof-of-concept earlier this year. The MCPTox benchmark found attack success rates above 60% on popular agents. The first malicious MCP package appeared in September 2025, and the ecosystem has grown faster than its security tooling since. CISA issued an alert on May 28 covering the Nx Console and related supply chain compromises; no equivalent framework exists for MCP servers yet.
Socket is the first major security vendor to explicitly name MCP server scanning on its roadmap. That coverage isn’t live yet, but the Secure Annex acquisition and the Series C are what make it possible.
What to Do Now
The Nx Console postmortem is instructive: the attack exploited the assumption that developer tools come from trusted sources and don’t need the same scrutiny as packages. That assumption is wrong. A minimal defense posture:
- Add Socket to your repos. The GitHub App is free for open source and scans every PR. It catches behavioral anomalies before they merge.
- Audit VS Code extensions. Remove anything unused. Check when installed extensions were last updated — a stale extension may have changed ownership.
- Vet MCP servers before adding them. Check the publishing account, repository history, and whether the server requests permissions beyond its stated purpose. Manual review is the only option until Socket’s MCP coverage ships.
- Watch for extension update alerts. Once Socket’s VS Code Marketplace coverage ships, enable it. Until then, monitor ecosystem disclosure channels.
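A starting point for the extension audit above, as an added example that is not from Socket, Secure Annex, or the original article: it reads each installed extension's `package.json` and flags startup or workspace-open activation and old on-disk dates as prompts for manual review, not as verdicts. The `~/.vscode/extensions` default path, the 365-day threshold, and treating the manifest's mtime as the last-update date are assumptions.

```python
import json
import time
from pathlib import Path

STARTUP_EVENTS = {"*", "onStartupFinished"}  # activate with no user action
STALE_DAYS = 365  # assumed threshold, tune to your own policy


def audit_extension(ext_dir, now=None):
    """Return findings for one unpacked extension, or None if it has no manifest."""
    manifest_path = Path(ext_dir) / "package.json"
    if not manifest_path.is_file():
        return None
    try:
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        manifest = None
    if not isinstance(manifest, dict):
        return {"id": Path(ext_dir).name, "age_days": None, "flags": ["unreadable-manifest"]}
    events = [e for e in manifest.get("activationEvents") or [] if isinstance(e, str)]
    flags = []
    if STARTUP_EVENTS.intersection(events):
        flags.append("activates-on-startup")
    if any(e.startswith("workspaceContains:") for e in events):
        flags.append("activates-on-workspace-open")
    # Assumption: the manifest's mtime approximates when this version landed on disk.
    age_days = int(((now or time.time()) - manifest_path.stat().st_mtime) // 86400)
    if age_days > STALE_DAYS:
        flags.append("stale")
    ext_id = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}"
    return {"id": ext_id, "age_days": age_days, "flags": flags}


def audit_all(root=None):
    """Audit every extension under root (default: ~/.vscode/extensions)."""
    root = Path(root) if root else Path.home() / ".vscode" / "extensions"
    if not root.is_dir():
        return []
    findings = (audit_extension(d) for d in sorted(root.iterdir()) if d.is_dir())
    return [f for f in findings if f and f["flags"]]


if __name__ == "__main__":
    for finding in audit_all():
        print(f"{finding['id']:<50} {finding['age_days']!s:>6}d  {', '.join(finding['flags'])}")
```

Many legitimate extensions activate on startup or on workspace open, so treat the output as a shortlist for checking publisher and repository history.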
npm audit is a 2022 solution. The attack surface moved. Socket’s $60 million is a bet that the tooling has to move with it — and the Nx Console attack is evidence that bet came about three years too late.













