Modern AI-integrated IDEs are shifting from passive code completion to proactive Next Edit Suggestions (NES). Unlike traditional autocompletion, NES is designed to construct a richer context from both recent user interactions and the broader codebase to suggest multi-line, cross-line, or even cross-file modifications. This evolution significantly streamlines the programming workflow into a tab-by-tab interaction and enhances developer productivity. Consequently, NES introduces a more complex context retrieval mechanism and sophisticated interaction patterns. However, existing studies focus almost exclusively on the security implications of standalone LLM-based code generation, ignoring the potential attack vectors posed by NES in modern AI-integrated IDEs. The underlying mechanisms of NES remain under-explored, and their security implications are not yet fully understood. In this paper, we conduct the first systematic security study of NES systems. First, we perform an in-depth dissection of the NES mechanisms to understand the newly introduced threat vectors. It is found that NES retrieves a significantly expanded context, including inputs from imperceptible user actions and global codebase retrieval, which increases the attack surfaces. Second, we conduct a comprehensive in-lab study to evaluate the security implications of NES. The evaluation results reveal that NES is susceptible to context poisoning and is sensitive to transactional edits and human-IDE interactions. Third, we perform a large-scale online survey involving over 200 professional developers to assess the perceptions of NES security risks in real-world development workflows. The survey results indicate a general lack of awareness regarding the potential security pitfalls associated with NES, highlighting the need for increased education and improved security countermeasures in AI-integrated IDEs.