Crowdsourced AI and Knostic
VirusTotal adds Knostic's AgentMesh engine to analyze VS Code extension files, helping developers and security teams detect supply-chain threats before installation.
We’re adding a new specialist to VirusTotal’s Crowdsourced AI lineup: Knostic's AgentMesh Agentic Security Supply Chain Reputation Engine. We are partnering with them to analyze Visual Studio Code extension (.VSIX) files. This complements our existing Code Insight and other AI contributors by helping developers, platform engineers, and security teams better understand the security profile of extensions and detect supply-chain threats before installing them.
Why VS Code Extensions Matter
Even putting aside the recent GitHub data breach, resulting from a malicious VS Code extensions, with the rise of IDE-based AI coding assistants and specialized developer tools, Visual Studio Code extensions have become central to modern development workflows. However, this has also made them prime targets for supply-chain attacks. Malicious actors have been caught publishing seemingly benign extensions that secretly download payloads, perform remote code execution, steal credentials, or silently exfiltrate proprietary source code and sensitive environment variables.
What you get in VirusTotal
Second opinion for .VSX: Knostic adds a specialized AI-driven analysis stream specifically for .VSIX packages. This provides security teams with an independent assessment of extension files, helping to identify both critical vulnerabilities and deliberate backdoor behaviors.
Clear Verdicts and Risk Levels : Knostic analyzes files and assigns a clear scan verdict (BENIGN, SUSPICIOUS, or MALICIOUS) coupled with a risk level (such as SAFE, MEDIUM, or CRITICAL) along with detailed descriptions of detected risk indicators.
Pivot and Search at Scane in VT Intelligence: Security analysts can now search and filter across Knostic results using newly indexed operators:
knostic_ai_verdict:malicious | suspicious | benignknostic_ai_analysis:
knostic_ai_verdict:malicious | suspicious | benign
knostic_ai_analysis:[keywords]
Exploring Real-World Examples
To illustrate how Knostic’s AgentMesh works in practice, let’s explore some real VS Code extensions that have been analyzed::