This study presents the first systematic security analysis of Next-Edit Suggestion (NES) mechanisms in AI-integrated IDEs, revealing novel threats arising from their reliance on extended contextual information and complex human–IDE interactions. Through a combination of mechanism reverse engineering, controlled attack simulations, and a large-scale developer survey (N > 200), we demonstrate that NES is vulnerable to context poisoning, transactional edit manipulation, and interaction-level exploits between users and the IDE. Our findings empirically confirm significant security weaknesses in current NES implementations and uncover a widespread lack of risk awareness among developers. These results underscore the urgent need for enhanced security education and the development of robust defensive mechanisms to safeguard AI-assisted coding environments.

Modern AI-integrated IDEs are shifting from passive code completion to proactive Next Edit Suggestions (NES). Unlike traditional autocompletion, NES is designed to construct a richer context from both recent user interactions and the broader codebase to suggest multi-line, cross-line, or even cross-file modifications. This evolution significantly streamlines the programming workflow into a tab-by-tab interaction and enhances developer productivity. Consequently, NES introduces a more complex context retrieval mechanism and sophisticated interaction patterns. However, existing studies focus almost exclusively on the security implications of standalone LLM-based code generation, ignoring the potential attack vectors posed by NES in modern AI-integrated IDEs. The underlying mechanisms of NES remain under-explored, and their security implications are not yet fully understood. In this paper, we conduct the first systematic security study of NES systems. First, we perform an in-depth dissection of the NES mechanisms to understand the newly introduced threat vectors. It is found that NES retrieves a significantly expanded context, including inputs from imperceptible user actions and global codebase retrieval, which increases the attack surfaces. Second, we conduct a comprehensive in-lab study to evaluate the security implications of NES. The evaluation results reveal that NES is susceptible to context poisoning and is sensitive to transactional edits and human-IDE interactions. Third, we perform a large-scale online survey involving over 200 professional developers to assess the perceptions of NES security risks in real-world development workflows. The survey results indicate a general lack of awareness regarding the potential security pitfalls associated with NES, highlighting the need for increased education and improved security countermeasures in AI-integrated IDEs.