Cline Incident Raises Procurement Hurdles
Cline
This kind of incident turns Cline from a fast self serve dev tool into a slow security purchase. Cline is asking companies to approve an agent that can edit files, run shell commands, call external tools through MCP, and in some cases operate with looser approval settings, so even a limited package publish incident forces security teams to review release controls, plugin governance, auditability, and vendor maturity more like they would for endpoint or CI infrastructure.
-
The practical issue is not just the eight hour npm exposure window, it is that the failure path was in the release process itself. Cline said an exposed npm token was left active after a prompt injection related workflow issue, then used to publish CLI 2.3.0. That makes procurement teams ask how publish credentials, approvals, and provenance are handled across every distribution surface.
-
High compliance buyers already move slowly. In legal AI, one large firm described security review as the main bottleneck and said the same procurement process still applies even when demand is urgent. Cline is targeting similarly regulated environments in finance, healthcare, defense, and industrials, so any trust incident adds months, not days, to sales cycles.
-
Competitors can now sell a simpler story. Cursor has built enterprise controls like audit logs, hooks, and sandbox mode, while Windsurf markets FedRAMP High, DoD IL4 through IL6, and ITAR support. Against that backdrop, Cline's open MCP marketplace and bring your own stack flexibility look powerful to engineers, but like a larger control surface to procurement teams.
From here, the winners in enterprise agent tooling will be the companies that make openness feel governable. Cline can still turn its local first architecture and model agnosticism into an advantage, but it now has to prove that every release, integration, and plugin path is tightly controlled enough for security teams to bless at scale.