Palo Alto Completes $400M Koi Acquisition, Expands AI Security

CryptoFrontier

Palo Alto Networks has completed its acquisition of Koi, an Israeli cybersecurity startup, in a deal valued at approximately US$400 million. The acquisition expands Palo Alto Networks’ capabilities in artificial intelligence (AI) and software supply chain security, with Koi’s technology set to be integrated into the company’s Prisma AIRS and Cortex XDR product lines. This marks Palo Alto Networks’ 12th acquisition of an Israeli cybersecurity company since 2014, underscoring the company’s sustained focus on Israeli innovation in the security sector.

Deal Overview and Strategic Rationale

Koi raised US$48 million in total funding, including a US$38 million Series A round completed last September, prior to its acquisition by Palo Alto Networks. The startup builds tools designed to monitor third-party software dependencies and protect enterprise endpoints from supply chain-based security risks. By acquiring Koi, Palo Alto Networks gains technology that addresses a growing gap in traditional endpoint security approaches — the oversight of non-executable software components that pose significant organizational risk.

Koi’s Technology and Market Opportunity

Koi’s founders validated market demand through a proof-of-concept study using a fake Visual Studio Code (VS Code) extension named “Darcula Official.” Within one week of publication to the VS Code Marketplace, the extension reached more than 300 organizations and was featured on the marketplace’s front page. The test demonstrated that many enterprise security products focus primarily on executable files and operating system-level threats, often overlooking risks from non-executable software such as developer packages and integrated development environment (IDE) extensions.

Koi’s scope extends beyond traditional IDE extensions to include containers, Model Context Protocol (MCP) servers that connect AI models to external tools and data, and AI models themselves. These non-executable components vastly outnumber executable files in modern software environments and often remain unmanaged and difficult for corporate security teams to identify and monitor. The fake extension case study illustrated that this blind spot represents a material security vulnerability for organizations across industries, including Fortune 500 companies and critical infrastructure operators.

Agentic Endpoint Security Category and Risk Model

Palo Alto Networks has positioned the Koi acquisition within a new security category it calls “Agentic Endpoint Security” (AES). This category addresses the emerging risk posed by AI agents and autonomous software tools that may operate with access to sensitive data and critical systems. Palo Alto Networks characterized this risk as the “ultimate insider threat” — a situation in which AI agents, by design or through compromise, could access and manipulate high-value organizational assets.

The security model underlying AES shifts focus beyond detecting malicious behavior during software execution on individual devices. Instead, it emphasizes governance of the software supply chain that feeds endpoints, including third-party dependencies, AI agents, and plugins. This upstream approach aims to prevent compromised or malicious components from reaching endpoints in the first place, rather than relying solely on detection and response after deployment.

Product Integration and Standalone Strategy

Koi’s technology will be integrated into Palo Alto Networks’ Prisma AIRS and Cortex XDR product suites, both of which focus on detection and response capabilities. Notably, Palo Alto Networks has stated that Koi will be maintained as a standalone product, enabling it to operate alongside existing endpoint detection and response (EDR) tools, including non-Palo Alto solutions. This approach allows enterprises with heterogeneous security tool environments to adopt Koi’s supply chain security capabilities without requiring wholesale replacement of their existing EDR infrastructure.

Frequently Asked Questions

Q: What is Agentic Endpoint Security, and why does Palo Alto Networks consider it important?

Agentic Endpoint Security (AES) is a security category focused on protecting AI agents and autonomous tools that may access sensitive data and critical systems. Palo Alto Networks describes the risks posed by such agents as the “ultimate insider threat” because compromised or malicious agents could operate with legitimate system access. AES addresses this by extending security governance to the software supply chain, including AI models and plugins, rather than focusing solely on endpoint detection during execution.

Q: How does Koi’s software supply chain security differ from traditional endpoint detection and response (EDR) tools?

Traditional EDR tools focus on detecting and responding to malicious behavior on devices during software execution, primarily monitoring executable files and operating system-level activity. Koi’s approach shifts upstream to govern non-executable software components — such as IDE extensions, containers, and AI models — before they reach endpoints. Koi’s fake VS Code extension test demonstrated that these non-executable components can reach hundreds of organizations undetected, representing a gap that traditional EDR tools do not address.

Q: Will Koi remain independent after the acquisition, or will it be fully integrated into Palo Alto Networks’ existing products?

Palo Alto Networks has stated that Koi will be maintained as a standalone product following the acquisition, even as its technology is integrated into Prisma AIRS and Cortex XDR. This allows Koi to operate alongside non-Palo Alto EDR and security tools, enabling enterprises with mixed security environments to adopt Koi’s supply chain security capabilities without replacing their existing infrastructure.
