u/UnhappyPay2752

▲ 0 r/webdev

Windsurf has no security layer, what are people actually doing?

Moved from VS Code to Windsurf two months ago and it changed how fast I build. The AI flow is better than anything I used before.

But VS Code had an ecosystem of security plugins; Windsurf has nothing at that layer. Last week a dependency it suggested came from an account with three packages and zero publish history. In VS Code a plugin would have caught that before I accepted it.

What are Windsurf users doing for security coverage right now?

u/UnhappyPay2752 — 10 hours ago

Agentic AppSec keeps showing up in vendor decks, what does this mean operationally?

Every security vendor in my inbox this month is using the word agentic. Agentic detection, agentic scanning, agentic remediation. I’ve got a rough intuition for what it means when applied to AI code assistants but no clear sense of what it means when applied to the tool securing that code.

As best I can tell the claim is that rather than running a scan and surfacing results, an agentic security layer is making decisions, taking actions, and adapting based on context without waiting for a human to tell it what to do. But the range of things vendors seem to mean by that is enormous.

What does agentic actually look like in practice?

u/UnhappyPay2752 — 2 days ago