Dev.to
6/26/2026

Plugin marketplaces become new policy
Original: plugin marketplaces are the new endpoint policy for coding agents
Short summary
GitHub's new marketplace policy controls for VS Code and Copilot CLI highlight a critical shift: as AI agents gain the ability to discover, install, and invoke development tools, plugin marketplaces become policy boundaries, not just productivity features. Organizations need intentional controls over which tool sources agents can access. This represents a new layer of supply-chain security for agentic development.
- •Plugin marketplaces are now runtime security boundaries for AI agents
- •Organizations should intentionally define which tool sources are trusted
- •Agent governance requires upstream controls, not just audit trails
Generated with AI, which can make mistakes.
Is this a good recommendation for you?


