Meterian Launches Free IDE Plugin to Automatically Find and Fix Vulnerabilities while Coding

London, April 30, 2026 – Meterian, the UK-based open-source security company, today announced the launch of HEIDI, a free security plugin for Integrated Development Environments (IDEs). 

Available on Visual Studio Code and the JetBrains IDEs, HEIDI enables developers to detect and fix open-source vulnerabilities directly inside their coding environment, making security part of everyday development rather than an afterthought. 

Within a month of deploying on Visual Studio Marketplace, the free plugin has seen nearly 5,000 installs from developers. This level of pre-launch engagement reflects the critical demand for such a project. 

With software supply chain attacks on the rise and open-source dependencies powering 80–90% of modern applications, the risks of leaving vulnerabilities unchecked are increasing. Yet most security scanning still happens late in the process, inside CI/CD pipelines or after release. 

Open-source software developer Roberto Franchini of ArcadeDB said, “It is the reality of using AI for development that LLMs do not know about vulnerabilities exposed today. HEIDI serves as an important live security layer by comparing AI proposals with current threat intelligence information. This means that we can take advantage of AI without incurring the security debt from old data sets.”

By shifting security into the IDE, HEIDI allows developers to identify and fix issues before code ever leaves their machine.

“Developers spend most of their time coding inside IDEs. HEIDI meets them where they work, ensuring security isn’t an extra step but part of the process itself,” said Bruno Bossola, CTO and co-founder of Meterian. “This is how we reduce security debt, cut patching costs, and prevent vulnerable code from reaching production.”

HEIDI also extends its capabilities through a built-in Model Context Protocol (MCP) server that connects directly with AI coding assistants. Unlike most AI tools, which depend on static pre-trained knowledge, HEIDI brings real-time vulnerability intelligence into the developer’s AI workflow, including tools such as Codex, Claude, GitHub Copilot, Cursor, Windsurf, and other MCP-compatible assistants.

Key Features of HEIDI

  • Automatic vulnerability scanning of direct and transitive dependencies.
  • One-click fixes that let developers apply remediation instantly.
  • Lightweight reporting with actionable insights inside the IDE.
  • No source code transferred — only manifest files are scanned, protecting IP.
  • Language support: Java, .NET, NodeJS, Python, PHP, Ruby, Rust, Go.
  • AI assistant integration via built-in MCP server with real-time vulnerability intelligence.

The urgency is clear from recent concerns around Anthropic’s Claude Mythos. Anthropic said Mythos Preview could identify and exploit zero-day vulnerabilities in major operating systems and browsers.

HEIDI is built for the defensive side of that shift, giving AI coding assistants current, project-specific dependency risk context so developers can spot vulnerable packages, understand the risk, and apply safer upgrade paths before code ships. 

A Seamless Path to Enterprise Security

The free HEIDI plugin delivers immediate value to developers, while offering a natural pathway to Meterian’s enterprise Software Composition Analysis (SCA) suite, which provides advanced CI/CD integrations, SBOM management, custom security policies, and comprehensive reporting.

Meterian is engaging open-source communities, OWASP chapters, and developer forums to build grassroots traction.

Why It Matters

According to IBM’s 2025 Data Breach Report, the average breach costs $4.4 million — but vulnerabilities discovered late in the development cycle are far more expensive to fix. By embedding checks early in the software development lifecycle, HEIDI empowers developers to find, fix, and ship securely.

HEIDI is now available for free download on the Visual Studio Code Marketplace, the JetBrains marketplace, and the OpenVSX registry. All information about HEIDI, including documentation and tutorials, can be found by visiting https://www.meterian.io/product/heidi/.

About Meterian

Meterian is a cybersecurity company specialising in open-source vulnerability detection and automated remediation. Its AI-powered platform helps organisations protect their software supply chains, reduce security debt, and ensure compliance with international standards. Headquartered in London, Meterian serves global clients across critical industries.
