Koi Platform is a software supply chain security solution that provides visibility and control over installable software across enterprise endpoints. The platform monitors and secures packages, browser extensions, IDE plugins, CI/CD pipeline components, AI models, and other installable software from various marketplaces. The platform uses Wings, a risk engine that performs hourly marketplace scans, analyzes publisher reputations across marketplaces, compares actual software code against promised functionality, and conducts dynamic code analysis including sandboxing. The engine detects secrets, vulnerabilities, and malware within software code and assigns risk scores that update with new versions. Koi provides discovery capabilities to identify all self-provisioned software running in an organization, along with review statuses, risk reports, and publisher reputations. The platform includes preventive policies that can block risky software installations across endpoints and automated approval workflows for safe software adoption. The platform supports multiple software sources including browser extensions (Chrome, Firefox, Edge), IDEs (Visual Studio Code, JetBrains, Cursor), package managers (NPM, PyPI, Homebrew), GitHub, Hugging Face, Office Add-ins, and MCP. It integrates with existing security infrastructure including SWG, EDR, MDM, PAC files, and user-mode agents. Koi offers risk reporting with visibility into top risk categories and risk trends over time, internal software publishing capabilities for secure distribution, and API-first architecture for automation.