Koidex

Know if a package, extension, or AI model is actually safe

2026-02-26

Product Introduction

  1. Definition: Koidex is a security analysis platform (technical category: Software Composition Analysis) that scans software components across development ecosystems. It evaluates browser extensions (Chrome, Edge, Firefox), IDE plugins (VS Code, JetBrains, Cursor, Windsurf), code packages (npm, PyPI), and AI models (Hugging Face) for malware and supply chain risks.
  2. Core Value Proposition: Koidex answers "Is this safe to install?" instantly, preventing malware infections via compromised software dependencies. Its core function is real-time risk detection across 15+ marketplaces without configuration, prioritizing zero-day threat prevention for developers and enterprises.

Main Features

  1. Multi-Marketplace Security Scanning:
    Koidex crawls 15+ repositories (VS Code, npm, Hugging Face, etc.) using automated agents that dissect software metadata, code patterns, and behavioral signatures. It employs static analysis for known malware patterns (e.g., credential stealers, CSRF bypasses) and dynamic sandboxing to detect suspicious runtime activities.
  2. Real-Time IDE Protection:
    The Koidex IDE extension (for Cursor, Windsurf, VS Code) performs background scans during installations. It intercepts package/extension downloads, cross-references them with Koi’s threat database updated hourly, and blocks high-risk items (e.g., themes with hidden keyloggers) pre-execution.
  3. Agentic Risk Engine:
    Unlike signature-based tools, Koidex uses AI agents to simulate software behavior in isolated environments. This detects novel threats (e.g., "ClawHavoc" campaign) by analyzing code execution paths, data exfiltration attempts, and privilege escalation triggers without relying on predefined rules.

Problems Solved

  1. Pain Point: Supply chain attacks via malicious open-source packages, extensions, or models (e.g., "DarkSpectre" infecting 8.8M browsers). Koidex eliminates blind spots in dependency trust.
  2. Target Audience:
    • Developers: JavaScript/Python coders using npm/PyPI.
    • ML Engineers: Hugging Face model users.
    • Security Teams: Enterprises managing IDE/Browser extension governance.
    • Browser Users: Installers of Chrome/Edge add-ons.
  3. Use Cases:
    • Blocking malware-laden VS Code themes (e.g., "Cosmic Nebula Themes" with 12.7K installs).
    • Preventing credential theft from compromised Outlook add-ins ("AgreeToSteal" attack).
    • Scanning AI models for embedded malicious code before fine-tuning.

Unique Advantages

  1. Differentiation: Unlike Snyk or Sonatype, Koidex specializes in non-traditional components (IDE plugins, AI models) and browser extensions, which most SCA tools ignore. It also scans niche markets (e.g., Windsurf, Cursor) and offers real-time IDE integration that competitors lack.
  2. Key Innovation: The agentic engine reconstructs software behavior contextually. For example, it identified "VK Styles" extensions hijacking 500K VKontakte accounts by simulating group-forcing actions and CSRF exploits missed by static analyzers.

Frequently Asked Questions (FAQ)

  1. Is Koidex compatible with JetBrains IDEs?
    Yes, Koidex scans JetBrains Marketplace plugins for malware and integrates with IntelliJ, WebStorm, and PyCharm via its IDE extension.
  2. How does Koidex detect zero-day malware?
    Koidex’s agentic engine executes software in sandboxed environments, monitoring for anomalous behaviors like unauthorized data transmission or registry edits, identifying novel threats without prior signatures.
  3. Can Koidex scan private enterprise repositories?
    Enterprise tiers support private npm/PyPI/Hugging Face repositories, enabling custom policy enforcement and automated compliance reports.
  4. Is the Koidex Chrome extension scanner free?
    Yes, Koidex’s public marketplace scanning (Chrome Web Store, npm, etc.) is entirely free, with no account or setup required.
  5. How often is Koidex’s threat database updated?
    The database refreshes hourly with new malware signatures and behavioral patterns from monitored marketplaces, including emerging campaigns like "ClawHavoc."