Call a Specialist Today! (02) 9388 1741

  1. Home
  2. Products
  3. Koi AI
  4. Koi Endpoint

Koi AI Endpoint
Discover all software on your enterprise endpoints – binary and non-binary – and govern by removing or reconfiguring risky, malicious, or non-compliant installs

Koi AI Endpoint

Koi AI Products
Koi Endpoint
Koi AI Endpoint
#KOI-ENDPOINT
Our Price: Request a Quote
Get a Quote

 

Overview:

Koi Endpoint is an Endpoint Security Posture Management (ESPM) platform that maps out all software in your enterprise – from desktop applications to code packages, AI models, OS packages, drivers, browser extensions, and containers. Most endpoint security tools see files. Koi sees applications, giving you the full picture of what is actually installed and running across your environment.

Every piece of discovered software is scored by the Wings™ risk engine, which continuously scans marketplaces, assesses vendor reputation, analyses actual code behaviour, and assigns a dynamic risk score. When a risk is identified, Koi acts – removing or reconfiguring malicious, risky, or non-compliant software across hundreds of thousands of endpoints simultaneously with no manual scripting required.

  • Full software inventory across all endpoints – binary apps, browser extensions, AI models, MCPs, npm/pip packages, OS packages, and containers.
  • Application-level visibility, not file-level noise – running and idle applications with no DLL clutter.
  • Wings™ risk engine assigns dynamic risk scores based on code analysis, vendor reputation, and behavioural assessment.
  • Automated remediation – remove or reconfigure risky software across the entire fleet simultaneously.
  • Preventive policies block up to 70% of marketplace risk in a few clicks without writing scripts.
  • Automated approvals for safe software keep security from becoming a business bottleneck.
  • Endpoint Security Posture Management (ESPM) – a world-first category covering the full software attack surface.
  • Integrates with existing security platforms via REST API for automated workflows and SIEM-level visibility.

Complete Software Inventory

Discover every piece of installed software across all endpoints – whether binary or portable applications, or non-binary software like code packages, OS packages, browser extensions, AI models, MCPs, or containers. Koi inventories them all, running or idle, from a single platform.

  • Binary applications across Windows, macOS, and Linux.
  • Browser extensions across Chrome, Edge, Firefox, and more.
  • AI models, MCP tools, and AI agent components.
  • npm, pip, and other code package managers.
  • OS packages, drivers, and containers.

Application-Level Visibility

Get rid of DLL inventories. Koi provides full visibility to all applications in your environment whether running or not, delivering application-level context rather than file-level noise. Every application is surfaced with its review status, risk report, and publisher reputation.

  • Application-level view, not file or process lists.
  • Running and idle applications both captured.
  • Review status, risk report, and publisher reputation per app.
  • No DLL clutter or low-signal file inventories.

Automated Remediation

Remove or reconfigure malicious, risky, or non-compliant software in seconds across hundreds of thousands of endpoints simultaneously. Zero manual effort or scripting required – policies are enforced automatically fleet-wide the moment a risk threshold is crossed.

  • Bulk removal across the entire fleet simultaneously.
  • Reconfiguration actions for policy drift correction.
  • Auto-remediation triggered by risk score thresholds.
  • No manual scripting or per-machine intervention required.

Preventive Policies

Define org-wide rules by user, group, and asset sensitivity to block risky software categories before they reach endpoints. Guardrails can be enabled across all endpoints in a few clicks, blocking up to 70% of marketplace risk without a single script.

  • Org-wide policy rules by user, group, and asset type.
  • Allow/block lists enforced automatically at install time.
  • Approval workflows with configurable cooldowns.
  • Block 70% of marketplace risk without manual scripting.

Easy Allow – Automated Approvals for Safe Software

Stay in control without slowing down the business. Koi's automated approval workflows allow safe software to be adopted without requiring manual security review for every request, so teams remain productive while risk guardrails stay active in the background.

  • Automated approvals for software meeting policy thresholds.
  • Allow list management without manual per-request review.
  • Security teams notified only when review is genuinely required.
  • Eliminates security as the bottleneck for software adoption.

Wings™ – What Software Is Actually Made Of

Wings™ is the risk engine powering Koi Endpoint. It surpasses surface-level scans by analysing what is really under the hood of every piece of software – detecting malware, blocking risky installs, and removing existing threats across the entire organisation. Because software is not static, risk scores update continuously with every new version, ownership change, or update channel shift.

  • Full marketplace scan completed every hour for continuously fresh risk intelligence.
  • Vendor reputation assessment based on cross-marketplace history, ownership, and track record.
  • LLM-powered code analysis comparing what software claims to do versus what it actually does.
  • Dynamic behavioural analysis including enrichment and sandboxing before software reaches endpoints.
  • Precise risk score per application based on all detected indicators.
  • Continuous score updates as software versions, ownership, and update channels change.

Ongoing Market Scanning

Wings™ completes a full scan of all software marketplaces every hour, keeping risk intelligence continuously fresh and up to date. New releases, version updates, and ownership transfers are captured within the same scanning cycle and reflected in risk scores immediately.

Actual vs. Promised Comparison

An LLM analyses the actual code behind every piece of software and compares what it claims to do versus what it actually does at a code level. This detects capability misrepresentation, hidden data collection, and functionality that only activates after install – behaviours that signature-based tools cannot identify.

Dynamic Analysis on Actual Code

Full behavioural analysis including code enrichment and sandboxing is performed before software ever reaches your endpoints. Runtime behaviour, network egress patterns, and permission requests are all evaluated as part of the Wings™ assessment pipeline.

  • Code enrichment and sandboxing pre-deployment.
  • Runtime behaviour and network egress analysis.
  • Permission request evaluation against expected behaviour.
  • CVE mapping and publisher reputation cross-referenced in every score.

Koi AI Endpoint Specifications:


Table 1. Endpoint Coverage and Capabilities
  Cloud (Managed) Self-Hosted (Enterprise)
Software types inventoried Binary apps, browser extensions, AI models, MCPs, npm/pip packages, OS packages, drivers, and containers
OS support Windows, macOS, and Linux endpoints
Risk engine Wings™ – continuous marketplace scanning, vendor reputation, LLM code analysis, and behavioural sandboxing
Risk score updates Continuous – updated on every new version, ownership change, or update channel shift
Remediation scope Bulk removal and reconfiguration across the entire endpoint fleet simultaneously
Policy enforcement Org-wide allow/block rules by user, group, and asset sensitivity with automated approvals
Deployment options Managed cloud On-premises and private cloud
API access REST API for automated workflows, SIEM integration, and custom reporting
Table 2. Wings™ Risk Engine
Marketplace Scanning
Full scan of all software marketplaces every hour. New releases, updates, and ownership transfers captured within the same cycle.
Vendor Reputation
Cross-marketplace reputation assessment based on publishing history, ownership history, and track record across all previous releases.
Code Analysis
LLM-powered analysis comparing claimed versus actual code behaviour. Detects capability misrepresentation and hidden functionality.
Behavioural Analysis
Code enrichment and sandboxing before deployment. Runtime behaviour, network egress, and permission request evaluation.
CVE Mapping
Known vulnerability mapping cross-referenced in every risk score with publisher reputation and code-level findings.
Table 3. Governance and Policy Capabilities
Discovery
Full software inventory across all endpoints simultaneously. Review status, risk report, and publisher reputation per application.
Preventive Policies
Org-wide rules by user, group, and asset sensitivity. Allow/block lists with automated approvals. Blocks up to 70% of marketplace risk without scripting.
Remediation
Bulk removal and reconfiguration across the entire fleet. Auto-remediation triggered by risk thresholds. No manual scripting required.
Posture Dashboard
Active remediation queue with per-application risk status, affected user counts, and recommended actions across the full estate.
API & Integrations
REST API for automated workflows. SIEM and security platform integrations for centralised visibility and alerting.
Koi AI Products
Koi Endpoint
Koi AI Endpoint
#KOI-ENDPOINT
Our Price: Request a Quote
Get a Quote