June 18th, 2026 β Crowdsourced AI += Knostic, Self-Service API Key Rotation, domain_exact: Search Modifier, and Advanced Agentic Disassembly & Relationship Mapping
π Crowdsourced AI Expansion: knostic.ai
We are excited to announce the addition of knostic.ai to our crowdsourced AI section. Using Knostic's AgentMesh engine, this integration provides a specialized AI-driven analysis stream for Visual Studio Code extension (.VSIX) files to identify critical vulnerabilities and deliberate backdoor behaviors.
Knostic assigns a clear scan verdict (BENIGN, SUSPICIOUS, or MALICIOUS) coupled with a risk level (such as SAFE, MEDIUM, or CRITICAL). Security analysts can now search and filter across these results in Intelligence search using the new knostic_ai_verdict: and knostic_ai_analysis: operators.
Example Analyses:
- βcfdf72c510670341dce392ab250a5f5ff2a398d993d1106fb8026ec6397cb393
- β3dc62e65586a9aeeb8521e7824d48abd59cec209d68b87f73a9bbadbd98dc51a
About Knostic: Knostic's Kirin platform governs how AI agents and developer extensions interact with internal systems, neutralizing supply-chain risks at the source.
π Advanced Search: domain_exact: Modifier
domain_exact: ModifierIntelligence search now includes the domain_exact: modifier. This new tool allows for exact-domain matching, complementing the existing domain: (substring) and domain_regex: operators. It is specifically designed for targeting a single domain without the noise of partial matches.
See all advanced search modifiers here
π Self-Service API Key Rotation
Enterprise customers can now independently cycle their credentials directly from the user interface. This self-service functionality eliminates the need for support tickets for routine security updates.
- What's New: A "Rotate API Key" button is now live on the API key management page.
- Why It Matters: Enables instant response to potential compromises and adherence to internal rotation policies.
- Note: Generating a new key instantly invalidates the previous one; ensure active tools are updated immediately.
π€ Google TI Agentic Updates
Declarative Relationship Mapping (Graphviz & Mermaid)
The agent can now compile and natively render structural relationship diagrams using Graphviz DOT and Mermaid syntax. This is ideal for investigating complex infection chains or infrastructure overlaps directly in the chat.
Advanced PowerShell Disassembly & Speakeasy CPU Emulation
Agent is now able to autonomously unpack, de-obfuscate, and dynamically emulate multi-stage Living-off-the-Land (LotL) PowerShell droppers using extended Speakeasy CPU emulation, dissecting embedded byte arrays and memory injection routines.
Multi-Platform .NET Disassembly & Enriched Filesystem Navigation
Seamlessly bridge multi-platform infection handoffs. The agent navigates internal resources of .NET executables to mount embedded files and disassemble secondary Living-off-the-Land (LotL) payloads.
JavaScript Sandboxing & Multi-Pass De-obfuscation
A dedicated analysis engine for heavily obfuscated JavaScript threats is now live. The agent performs multi-pass AST de-obfuscation via Restringer and evaluates routines inside an isolated sandbox.