What is Koi Security's core product?

Koi Security offers Supply Chain Gateway, a platform that acts as a central checkpoint for all software accessing enterprise endpoints. It provides unified software inventory, real-time risk analysis, automated policy enforcement, and preventative fixes to block noncompliant components.

How much funding did Koi Security raise?

Koi raised $48 million across seed and Series A rounds, including a $38 million Series A led by Battery Ventures, Team8, Picture Capital, and NFX, with participation from Cerca Partners.

What types of software does Koi Security protect against?

Koi focuses on noncompiled software including code packages, operating system packages, containers, browser extensions, code editor extensions, AI models, and Model Context Protocol (MCP) services that traditional security tools often miss.

What is the "Darcula Official" experiment?

Koi's founders created a fake VSCode extension called "Darcula Official" that secretly stole source code and machine details. Within a week, it infected over 300 organizations worldwide, proving the severity of software supply chain vulnerabilities.

How many endpoints does Koi Security currently protect?

Koi has rapidly scaled to secure more than 500,000 endpoints worldwide and is already integrated by Fortune 50 companies including major financial institutions and technology companies.

What is Koi's Wings AI engine?

Wings is Koi's AI-driven security engine that uses threat intelligence, classification, and sandboxing to identify threats that traditional scanners may overlook, providing automated risk assessment and threat detection.

Who founded Koi Security?

Koi was founded in 2024 by veterans of Israel's elite Unit 8200 cyber unit, led by co-founder and CEO Amit Assaraf.

What is ExtensionTotal?

ExtensionTotal is Koi's product specifically designed to detect risky extensions installed in code editors. It was developed from their initial VSCode marketplace research and informed their broader endpoint security platform.

Why can't traditional EDR solutions handle modern software threats?

Traditional Endpoint Detection and Response (EDR) tools focus on compiled binary software but struggle with modern noncompiled software that operates at higher layers while still having access to sensitive data and systems.

What makes Koi's approach unique?

Koi provides proactive security by curating what software is allowed into enterprise environments and blocking risky, malicious, or noncompliant components before they reach endpoints, rather than detecting threats after they're already installed.

Which major companies use Koi Security?

While specific names aren't disclosed, Koi protects Fortune 50 companies including major financial enterprises and technology companies across various industries.

What will Koi do with the new funding?

The $48 million will be used to accelerate product development, expand global customer reach, and enhance their AI-powered threat detection capabilities to address the growing software supply chain security market.

Currently viewing the AI version

Switch to human version

Koi Security: Software Supply Chain Defense Platform

Company Overview

Funding: $48M (Series A led by Battery Ventures, Team8, Picture Capital, NFX)
Founded: 2024 by Unit 8200 veterans
CEO: Amit Assaraf
Scale: 500K+ endpoints protected, Fortune 50 clients

Core Problem: Unmanaged Developer Tool Risks

Critical Gap in Traditional Security

EDR tools are blind to modern software supply chain threats
Traditional tools designed for signed executables from known vendors
Cannot detect package installations, extension permissions, model downloads, container layers
Impact: Complete visibility gap for majority of enterprise software components

High-Risk Software Categories (Invisible to Traditional Tools)

npm packages - maintainers with unknown credentials
VSCode extensions - extensive file system access permissions
Docker images - arbitrary code from public repositories
AI models - unknown training data and potential backdoors
GitHub repositories - direct code integration into production
Operating system packages - system-level access capabilities

Proven Attack Vectors

VSCode Marketplace Vulnerability (Proof of Concept)

Attack: Fake "Darcula Official" extension (mimicked popular dark theme)
Payload: Source code theft and machine details exfiltration
Impact: 300 organizations infected within 7 days
Targets: Multibillion-dollar companies, national court network
Success factors: Name squatting, marketplace trust model exploitation

Real-World Risk Scenarios

SolarWinds supply chain compromise - Russian state actors compromised software updates
Log4j vulnerability - Single Java library affected global infrastructure
Malicious npm packages - Package name typosquatting and dependency confusion attacks

Technical Solution: Supply Chain Gateway

Core Capabilities

Unified software inventory - Complete visibility across all software types
Real-time risk analysis - Continuous threat assessment
Automated policy enforcement - Blocking noncompliant components
Preventative fixes - Pre-installation threat mitigation

Wings AI Engine Specifications

Threat intelligence integration - Known malicious actor patterns
Code classification - Automated risk categorization
Sandboxing analysis - Behavioral threat detection
Publisher reputation scoring - Trust-based filtering

ExtensionTotal Product

Focus: Code editor extension security
Detection: Risky permissions and malicious behavior
Foundation: Expanded into broader endpoint security platform

Implementation Requirements

Resource Costs

Time investment: Rapid deployment possible (based on 500K endpoint scale)
Expertise required: Integration with existing security infrastructure
Operational overhead: Policy configuration and maintenance

Technical Prerequisites

Network integration: Central checkpoint for software access
Endpoint agent deployment - Monitoring and enforcement capability
Policy framework setup - Define acceptable software criteria

Critical Warnings

What Official Documentation Doesn't Tell You

Developer resistance expected - Workflow disruption during implementation
False positive management - Legitimate software may be blocked initially
Performance impact - Real-time scanning adds latency to software installations

Breaking Points and Failure Modes

Policy too restrictive - Development productivity collapse
Policy too permissive - Security gap persistence
Incomplete coverage - Attackers will find unmonitored channels

Decision Criteria

When to Implement

Regulatory compliance requirements (finance, healthcare)
Post-breach remediation (SolarWinds-style incidents)
AI model governance needs (enterprise AI adoption)
Container security gaps (Docker/Kubernetes environments)

Alternatives Comparison

Traditional EDR: Binary-focused, supply chain blind
Manual review processes: Cannot scale to modern package volume
SAST/DAST tools: Limited to code analysis, miss runtime behavior

Market Timing Factors

Why Now

Regulatory pressure increasing - Supply chain security mandates
AI adoption acceleration - Model download security concerns
Developer tool proliferation - VSCode marketplace, GitHub Copilot integration
Remote work expansion - Reduced IT control over software installations

Enterprise Adoption Patterns

Proactive buyers: Financial institutions, government contractors
Reactive buyers: Post-breach panic purchasing (majority pattern)
Wait-and-see: Cost-conscious organizations awaiting proven ROI

Operational Intelligence

Common Implementation Failures

Insufficient developer buy-in - Tool adoption resistance
Inadequate policy tuning - High false positive rates
Incomplete threat intelligence - Unknown attack vector persistence
Integration complexity - Existing security tool conflicts

Success Indicators

Developer workflow preservation - Minimal productivity impact
Threat detection accuracy - Low false positive rates
Policy compliance rates - High legitimate software approval
Incident reduction metrics - Measurable security improvement

Hidden Costs

Policy management overhead - Ongoing rule refinement
Security team training - New tool expertise development
Developer education - Secure software selection practices
Integration maintenance - Tool compatibility updates

Koi Security: Software Supply Chain Defense Platform

Company Overview

Core Problem: Unmanaged Developer Tool Risks

Critical Gap in Traditional Security

High-Risk Software Categories (Invisible to Traditional Tools)

Proven Attack Vectors

VSCode Marketplace Vulnerability (Proof of Concept)

Real-World Risk Scenarios

Technical Solution: Supply Chain Gateway

Core Capabilities

Wings AI Engine Specifications

ExtensionTotal Product

Implementation Requirements

Resource Costs

Technical Prerequisites

Critical Warnings

What Official Documentation Doesn't Tell You

Breaking Points and Failure Modes

Decision Criteria

When to Implement

Alternatives Comparison

Market Timing Factors

Why Now

Enterprise Adoption Patterns

Operational Intelligence

Common Implementation Failures

Success Indicators

Hidden Costs

Related Tools & Recommendations

GitOps Integration Hell: Docker + Kubernetes + ArgoCD + Prometheus

Redis vs Memcached vs Hazelcast: Production Caching Decision Guide

Memcached - Stop Your Database From Dying

Docker Alternatives That Won't Break Your Budget

I Tested 5 Container Security Scanners in CI/CD - Here's What Actually Works

RAG on Kubernetes: Why You Probably Don't Need It (But If You Do, Here's How)

Kafka + MongoDB + Kubernetes + Prometheus Integration - When Event Streams Break

GitHub Actions Marketplace - Where CI/CD Actually Gets Easier

GitHub Actions Alternatives That Don't Suck

GitHub Actions + Docker + ECS: Stop SSH-ing Into Servers Like It's 2015

Deploy Django with Docker Compose - Complete Production Guide

Stop Waiting 3 Seconds for Your Django Pages to Load

Django - The Web Framework for Perfectionists with Deadlines

jQuery - The Library That Won't Die

AWS RDS Blue/Green Deployments - Zero-Downtime Database Updates

KrakenD Production Troubleshooting - Fix the 3AM Problems

Fix Kubernetes ImagePullBackOff Error - The Complete Battle-Tested Guide

Kafka Will Fuck Your Budget - Here's the Real Cost

Apache Kafka - The Distributed Log That LinkedIn Built (And You Probably Don't Need)

Fix Git Checkout Branch Switching Failures - Local Changes Overwritten