So here’s a tool I’ve been poking around with this week, and the timing couldn’t be more interesting. [Koidex](https://dex.koi.security/) launched on Product Hunt on February 26th and grabbed the #1 spot with over 412 upvotes. Meanwhile, its parent company Koi just got [scooped up by Palo Alto Networks](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-announces-intent-to-acquire-koi-to-secure-the-agentic-endpoint) for roughly $400 million. Not bad for a company that only raised $48 million total.
But let’s talk about what Koidex actually does, because the product itself is genuinely useful. It answers one simple question: “Is this thing safe to install?” You type in a package name, a browser extension, an IDE plugin, or even a Hugging Face model, and Koidex spits back a risk score. It covers VS Code, Chrome, JetBrains, npm, and more — all from [one search interface](https://dex.koi.security/). No more bouncing between five different tools to figure out if that random npm package is going to ruin your day.
The scoring isn’t just some basic reputation check either. Koidex blends static analysis with behavioral signals — things like permission overreach, obfuscated code, sketchy install patterns, and dependency red flags. It re-checks packages over time too, so if a previously clean extension pushes a suspicious update, you’ll know.
The team behind this has serious cred. They’re the researchers who uncovered GlassWorm, ShadyPanda, and PhantomRaven — all real supply chain attacks hiding in developer tools. They even ran [an experiment](https://www.koi.ai/blog/1-6-how-we-hacked-multi-billion-dollar-companies-in-30-minutes-using-a-fake-vscode-extension) where they published a harmless fake VS Code theme and saw installs from Fortune 500 networks within 30 minutes. That’s terrifying, and it’s exactly why a tool like this matters.
The [Product Hunt launch](https://www.producthunt.com/products/koidex-2) blowing up makes sense given the news cycle. [CyberScoop](https://cyberscoop.com/palo-alto-networks-acquires-koi-agentic-ai-security/), [Help Net Security](https://www.helpnetsecurity.com/2026/02/17/palo-alto-networks-koi-acquistion/), and [SiliconANGLE](https://siliconangle.com/2026/01/04/palo-alto-networks-reportedly-explores-400m-acquisition-koi-security/) have all been covering the acquisition story since mid-February. The Koi founders — Unit 8200 alumni led by CEO Amit Assaraf — are clearly building something Palo Alto thinks is worth a big bet. Post-acquisition, Koi’s tech is headed into Prisma AIRS and Cortex XDR.
There’s also a [VS Code extension](https://marketplace.visualstudio.com/items?itemName=extensiontotal.extensiontotal-vscode) that scans your installed extensions and flags risky ones in real time. If you write code for a living and haven’t thought much about whether your extensions are trustworthy, this is a good wake-up call. Give it a spin.
