Koi AI Platform™
The world's first agentic endpoint security platform — complete visibility, risk intelligence, and policy enforcement across every piece of software before it ever reaches an endpoint
Overview:
Koi is the world's first agentic endpoint security platform — the only solution that gives enterprises complete visibility, risk intelligence, and policy enforcement across every piece of software, binary and non-binary, before it ever reaches an endpoint.
Built as a single cohesive platform, every product shares the same risk intelligence, the same Koidex™ database, and the same policy engine. Koi is joining Palo Alto Networks, securing the future of AI-safe software installs.
- World's first Endpoint Security Posture Management (ESPM) platform.
- Complete visibility across binary apps, extensions, packages, AI models, AI agents, and MCPs.
- Wings™ agentic AI risk engine scans every marketplace hourly and scores every piece of software dynamically.
- Supply Chain Gateway intercepts install requests at the network layer before they reach an endpoint.
- Koidex™ proprietary threat intelligence database — dozens of marketplaces tracked, millions of packages indexed.
- 100% agentless deployment — up and running in under 60 minutes.
- API-first by design — every dashboard feature available via REST API.
- Trusted by Fortune 50 organisations as early customers.
Three Layers. One Unified Platform.
Koi is built around three integrated products that work together as a single system:
Koi Endpoint — Endpoint Security Posture Management
The world's first ESPM — complete visibility into every application, package, extension, AI model, and MCP across all endpoints. Agentless, real-time, and actionable. Learn more →
Koi Wings™ — Agentic AI Risk Intelligence Engine
Wings™ scans every marketplace hourly, analyses actual code with LLM, sandboxes behaviour, and assigns a dynamic risk score to every piece of software — updating in real time. Learn more →
Koi Gateway — Supply Chain Gateway
A new architectural layer that sits at the network between your team and every marketplace — governing every software install before it reaches an endpoint. Learn more →
Universal Software Discovery
Track every application, code package, OS package, extension, AI model, AI agent, and MCP the moment it appears — across macOS, Windows, and Linux. Binary and non-binary alike, with no blind spots and no manual cataloguing.
- Full coverage across binary apps, browser extensions, npm/pip packages, AI models, MCPs, and containers.
- Agentless discovery across macOS, Windows, and Linux.
- Real-time inventory updated the moment software appears or changes.
- No manual cataloguing or scripting required.
Continuous Risk Assessment
Wings™ continuously evaluates code, behaviour, ownership changes, and update channels — adjusting risk scores in real time. Every version change triggers a full re-score automatically, with no manual intervention required.
- LLM-powered code analysis comparing claimed versus actual behaviour.
- Behavioural sandboxing before software reaches any endpoint.
- Publisher reputation and ownership history tracked across all marketplaces.
- Automatic re-score on every version release, ownership change, or new CVE disclosure.
Granular Policy Engine
Apply policy by user, group, risk level, or software type. Auto-approve what is safe, block what is not, and remediate in one click — with scoped, time-bound exceptions and a full audit trail on every decision.
- Allow/block lists configurable by user, group, or software category.
- Scoped, time-bound exceptions with full justification and audit trail.
- Cooldown periods for newly released software.
- Every allow, block, and approval decision logged for compliance reporting.
One-Click Remediation
Quarantine or remove risky items, roll back versions, open tickets, and notify owners — completely agentlessly, across hundreds of thousands of endpoints simultaneously.
- Automated remediation triggered when risk scores cross defined thresholds.
- Version rollback for previously approved software that has changed.
- Bulk removal across the entire endpoint fleet without agents.
- Owner alerts and ticketing integration for IT review workflows.
Koidex™ — Proprietary Threat Intelligence Database
Every risk score Wings™ produces is backed by Koidex™ data — publisher reputation history, cross-marketplace signals, version lineage, and behavioural baselines built from millions of scans.
- Dozens of marketplaces tracked including Chrome Web Store, npm, PyPI, VS Code Marketplace, HuggingFace, and more.
- Full database refresh completed every hour.
- Millions of packages indexed with dynamic risk scores.
- Cross-marketplace publisher reputation signals unavailable in any traditional security tool.
Internal Software Distribution
Publish and distribute approved software internally — so employees can discover and install approved tools without leaving Koi's governance perimeter. Reduces shadow IT while keeping teams productive.
- Curated internal software catalogue for approved tools.
- Employees request software through the governed approval flow.
- Approved installs distributed without bypassing policy.
- Reduces shadow IT without blocking discovery.
Agentless Deployment
Koi deploys at the network layer via PAC files, SWG integration, or user-mode agents — covering every endpoint without touching individual machines. Most organisations are fully deployed and discovering software within 60 minutes.
- Network-based deployment via PAC files or SWG integration.
- No endpoint agents required for full platform coverage.
- Up and running in under 60 minutes.
- Works alongside existing EDR, MDM, and SWG deployments.
API-First Platform
Every feature available in the Koi dashboard is also available via REST API — enabling full automation, custom workflows, and deep integration with your existing security tooling. When Koi says API-first, every feature is included.
- Full REST API coverage for every dashboard feature.
- Enables custom automation and workflow integration.
- Webhooks for real-time event-driven workflows.
- Documented API with SDK support.
Integrations
Koi works seamlessly alongside your existing security stack — SWG, EDR, MDM, PAC files, SIEM, SOAR, and ticketing systems. It is designed to complement, not replace, the tools you already use.
- Palo Alto Networks Prisma AIRS and Cortex XDR
- CrowdStrike Falcon
- Zscaler and Netskope (SWG)
- Microsoft Intune and Jamf (MDM)
- Splunk and Microsoft Sentinel (SIEM)
- ServiceNow, Jira, and Slack (ticketing and notifications)
What Koi Adds to Your Existing Stack
Traditional endpoint security tools were not built for software marketplaces. The following capabilities are unique to Koi and absent from EDR, SWG, and MDM platforms:
- Non-binary software discovery (extensions, packages, AI models, MCPs) — not available in EDR, SWG, or MDM.
- LLM-based code analysis — not available in any traditional endpoint tool.
- Hourly marketplace scanning — not available in EDR, SWG, or MDM.
- Publisher reputation tracking across all marketplaces — not available in traditional tools.
- Dynamic risk score per version — not available in EDR, SWG, or MDM.
- AI model and MCP tool coverage — not available in any traditional endpoint category.
- Pre-install network-layer governance — not available in EDR or MDM.
Koi AI Platform™ Specifications:
Table 1. Koi Platform Coverage and Capabilities |
||
|---|---|---|
| Cloud (Managed) | Self-Hosted (Enterprise) | |
| Deployment model | Managed cloud | On-premises and private cloud |
| Deployment method | Agentless — PAC files, SWG integration, or user-mode agents | |
| Time to deploy | Under 60 minutes for full platform coverage | |
| Operating systems | macOS, Windows, Linux | |
| Software types covered | Binary apps, browser extensions, npm/pip packages, AI models, AI agents, MCP tools, OS packages, containers | |
| Threat intelligence | Koidex™ — dozens of marketplaces, hourly scans, millions of packages indexed | |
| Risk engine | Wings™ — LLM code analysis, behavioural sandboxing, publisher reputation, network egress monitoring | |
| Pre-install control | Supply Chain Gateway — network-layer interception, policy enforcement, approval workflows | |
| Post-install governance | Endpoint ESPM — inventory, continuous monitoring, one-click remediation, compliance reporting | |
| API | Full REST API — every dashboard feature available programmatically | |
| Integrations | Palo Alto Networks, CrowdStrike, Zscaler, Netskope, Microsoft Intune, Jamf, Splunk, Sentinel, ServiceNow, Jira, Slack | |
| Table 2. Platform Architecture Layers |
|---|
| Layer 1 – Koidex™ Threat Intelligence Database |
| Continuously updated database tracking dozens of marketplaces hourly. Publisher reputation, version lineage, and behavioural baselines from millions of scans. |
| Layer 2 – Wings™ Agentic AI Risk Engine |
| LLM code analysis, behavioural sandboxing, and publisher reputation scoring. Dynamic risk scores updated on every version change, ownership transfer, or new CVE. |
| Layer 3 – Supply Chain Gateway |
| Network-layer interception of every software install request. Policy-based allow, block, or approval routing before any software reaches an endpoint. |
| Layer 4 – Endpoint ESPM |
| Post-install visibility, continuous monitoring, one-click remediation, and compliance reporting across all endpoints and software types. |
| Table 3. Koi Platform vs. Traditional Security Tools |
|---|
| Non-Binary Software Discovery |
| Koi: Full coverage. EDR/AV: Not available. SWG/Proxy: Partial. MDM: Not available. |
| LLM-Based Code Analysis |
| Koi: Full coverage. EDR/AV: Not available. SWG/Proxy: Not available. MDM: Not available. |
| Pre-Install Network-Layer Governance |
| Koi: Full coverage. EDR/AV: Post-execution only. SWG/Proxy: URL blocking only. MDM: Not available. |
| AI Model & MCP Coverage |
| Koi: Full coverage. EDR/AV, SWG/Proxy, MDM: Not available in any traditional endpoint category. |
| Hourly Marketplace Scanning |
| Koi: Full coverage across dozens of marketplaces. EDR/AV, SWG/Proxy, MDM: Not available. |