How to Secure Windsurf
Step-by-step guide to securing your Windsurf IDE and the applications you build with it.
Windsurf Security Context
Windsurf is built on Chromium, which had 94 CVEs discovered in 2024-2025. It uses Codeium's AI, which offers a zero data retention mode. Keep your IDE updated and review all AI-generated code.
Security Checklist
Enable zero data retention mode
Critical: Configure Codeium's zero data retention mode to prevent code from being stored.
Keep Chromium updated
Critical: Windsurf uses Chromium - ensure it's updated to avoid the 94+ CVEs discovered in 2024-2025.
Review AI-generated code
Critical: All AI-generated code should be reviewed for security vulnerabilities.
Configure ignore patterns
Critical: Set up ignore patterns to exclude sensitive files from AI analysis.
Audit secrets exposure
Critical: Ensure API keys and credentials aren't exposed to the AI.
Review Codeium permissions
Critical: Understand what data Codeium accesses and how it's handled.
Configure workspace settings
Set up workspace settings to limit AI access to sensitive directories.
Enable security extensions
Install security-focused extensions for additional protection.
Review generated dependencies
Audit packages suggested by AI for vulnerabilities.
Configure git hooks
Set up pre-commit hooks for secret detection.
Audit extension permissions
Review what extensions have access to your codebase.
Enable code signing
Sign commits to verify code authenticity.
Review telemetry settings
Configure telemetry to minimize data sharing.
Secure remote connections
Audit remote development connections.
Run security scan
Use VibeEval to scan your deployed application.