Koidex

Koidex is a security intelligence platform powered by Koi that helps organizations quickly detect and eliminate risks in the software their teams install and use daily. It covers browser extensions, IDE plugins, npm packages, AI models, and more across major marketplaces including VS Code, JetBrains, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, and npm. Koidex uses an agentic risk engine that analyzes what software is actually made of — going past labels to real composition and behavior — rather than relying on guesswork or signatures. It surfaces newly caught malware in the wild through its "Catch of the Day" feed and publishes original threat research.

• Agentic Risk Engine: Uses AI-driven, agentic analysis to inspect the real composition and behavior of extensions, packages, and apps — not just metadata or labels.
• Multi-Marketplace Coverage: Scans and monitors software across VS Code, JetBrains, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, npm, PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, and Visual Studio.
• Discovery: Tracks and manages every piece of software the moment it enters your ecosystem, giving full visibility into installed tools.
• Guardrails: Enforces policies to prevent risky or unauthorized software from being used by your teams.
• Governance: Provides oversight and control over the software supply chain across your organization.
• Remediation: Identifies and helps resolve threats found in installed software, reducing exposure quickly.
• Catch of the Day: A live feed of newly discovered malware found in the wild across popular marketplaces, backed by original threat research.
• VS Code Extension: A dedicated Koidex extension for Visual Studio Code lets developers check extension risk directly from their IDE.
• Enterprise Support: Extended coverage for PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, Visual Studio, and OpenVSX is available for enterprise customers.