EN, VirusTotal Blog

Crowdsourced AI += Knostic

We’re adding a new specialist to VirusTotal’s Crowdsourced AI lineup: Knostic‘s AgentMesh Agentic Security Supply Chain Reputation Engine. We are partnering with them to analyze Visual Studio Code extension (.VSIX) files. This complements our existing Code Insight and other AI contributors by helping developers, platform engineers, and security teams better understand the security profile of extensions and detect supply-chain threats before installing them.

Why VS Code Extensions Matter

Even putting aside the recent GitHub data breach, resulting from a malicious VS Code extensions, with the rise of IDE-based AI coding assistants and specialized developer tools, Visual Studio Code extensions have become central to modern development workflows. However, this has also made them prime targets for supply-chain attacks. Malicious actors have been caught publishing seemingly benign extensions that secretly download payloads, perform remote code execution, steal credentials, or silently exfiltrate proprietary source code and sensitive environment variables.

What you get in VirusTotal

  • Second opinion for .VSX: Knostic adds a specialized AI-driven analysis stream specifically for `.VSIX` packages. This provides security teams with an independent assessment of extension files, helping to identify both critical vulnerabilities and deliberate backdoor behaviors.
  • Clear Verdicts and Risk Levels : Knostic analyzes files and assigns a clear scan verdict (BENIGN, SUSPICIOUS, or MALICIOUS) coupled with a risk level (such as SAFE, MEDIUM, or CRITICAL) along with detailed descriptions of detected risk indicators.
  • Pivot and Search at Scane in VT Intelligence: Security analysts can now search and filter across Knostic results using newly indexed operators:
    * `knostic_ai_verdict:malicious | suspicious | benign`
    * `knostic_ai_analysis:`

    • knostic_ai_verdict:malicious | suspicious | benign
    • knostic_ai_analysis:[keywords]

    Exploring Real-World Examples

    To illustrate how Knostic’s AgentMesh works in practice, let’s explore some real VS Code extensions that have been analyzed::

    cfdf72c510670341dce392ab250a5f5ff2a398d993d1106fb8026ec6397cb393




    3dc62e65586a9aeeb8521e7824d48abd59cec209d68b87f73a9bbadbd98dc51a


    About

    […]
    Content was cut in order to protect the source.Please visit the source for the rest of the article.

    This article has been indexed from VirusTotal Blog

    Read the original article: