Windsurf (VS Code extension, formerly Codeium)
AI coding autocomplete+chat extension for VS Code, with Cascade agent and a built-in one-click MCP-server marketplace.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Windsurf (VS Code extension, formerly Codeium), derived from its capabilities.
AIVSS 8.7 ยท High
View MAESTRO 7-layer threat model โOverview
The Windsurf (formerly Codeium) extension brings AI autocomplete, chat, and the Cascade agent into VS Code and other editors. Cascade includes a built-in MCP marketplace for one-click install of MCP servers (GitHub, Slack, etc.) plus manual config via mcp_config.json. Security surface: installed MCP servers run locally and expose tools to the Cascade agent (subject to a 100-tool active limit).
Key features
- Cascade agent + chat
- Built-in one-click MCP marketplace
- mcp_config.json manual server setup
Use cases
- AI pair-programming in VS Code
- Wire enterprise MCP tools into Cascade