“We identified this new threat vector early”: Palo Alto CEO frames $400 million Koi deal as pre-emptive strike
Nikesh Arora outlined how Palo Alto plans to close AI’s emerging visibility gap.
After reporting solid quarterly results, Palo Alto Networks used its earnings call to detail a sweeping AI security strategy, including the acquisition of Koi and the recent closing of CyberArk, aimed at defending enterprises as AI agents proliferate.
On Tuesday’s earnings call, CEO Nikesh Arora outlined a strategy that ties together the company’s latest acquisitions with a broader argument: that AI will expand the attack surface so dramatically that security must be rebuilt around real-time control points.
At the center of Arora’s remarks was Palo Alto’s intent to acquire Koi for an estimated $400 million, a startup focused on securing what he described as the “agentic endpoint,” the layer where autonomous AI agents, browser extensions, plug-ins and ephemeral code increasingly operate.
“We are witnessing a dramatic shift in how software lives on the endpoint,” Arora said. “Traditional security tools are often blind to the new AI layer of software.”
The proliferation of model context protocol (MCP) servers, AI coding assistants and browser-based agents has created, in his telling, “a significant unmanaged attack surface.” Palo Alto had already been using Koi’s technology internally since mid-2025, he noted, and decided to move quickly as enterprise coding and AI experimentation accelerated.
“When you start doing coding and vibe coding off your desktop, you’ll see MCP servers and clients spun up on edges,” Arora told analysts. “You’ll see a whole bunch of code that is sitting at the edge, which is not visible to traditional XDR capability.”
Koi’s technology will be folded into Palo Alto’s endpoint and AI security platforms, extending visibility to AI software that runs locally on employee devices, an area Arora suggests is currently under-secured across the industry.
The urgency, he argued, lies in timing. “We identified this new threat vector early,” he said, framing the deal as a pre-emptive move rather than a reaction.
Arora pushed back against a market narrative that AI could render parts of the cybersecurity stack obsolete.
“I’m still confused why the market is treating AI as a threat to cybersecurity,” he said. “As enterprises start putting more critical functionality in the hands of AI, they will want control of AI agents or of their AI infrastructure. That requires more security.”
He drew a parallel to the early cloud era, when Palo Alto leaned heavily on acquisitions to reposition itself for off-premises computing. This time, he said, the starting position is stronger.
“We’re seeing a trend towards more consolidation, more platformization,” Arora said. “You cannot respond fast if you’ve got 70 different vendors who have different data, different logs, different APIs running.”
If AI agents become what he called “autonomous employees,” then security must operate “in real time at the critical control points where decisions are made, across network, endpoint, cloud, browser and identity.”
Palo Alto closed its acquisition of CyberArk early in the fiscal third quarter, bringing in a company that reported record net new ARR and 30% subscription ARR growth in its most recent quarter.
“We bought CyberArk because when AI agents start logging in at machine speed, logging in becomes a primary attack factor,” Arora said. “We believe we are now the only company that can verify the who and secure the what simultaneously.”
CyberArk ended December 2025 with roughly $1.2 billion in next-generation security ARR under Palo Alto’s reporting definition. The acquisition, alongside Chronosphere, will contribute significantly to the company’s ARR and revenue growth this year.
The strategic expansion comes against a backdrop of solid financial performance.
In fiscal Q2, Palo Alto reported $2.59 billion in revenue, up 15%, with next-generation security ARR reaching $6.33 billion, including a $200 million contribution from Chronosphere. Organic NGS ARR grew 28%.
Operating margin exceeded 30% for the third consecutive quarter, reaching 30.3%, while diluted non-GAAP earnings per share came in at $1.03, above guidance.
Adjusted free cash flow over the trailing 12 months reached $3.75 billion, or 37.9% of revenue.
For fiscal 2026, the company guided to revenue between $11.28 billion and $11.31 billion, reflecting growth of 22% to 23%, including $760 million from acquisitions. NGS ARR is expected to reach as much as $8.62 billion.
Despite the scale of recent acquisitions, including $2.3 billion in cash outlay for CyberArk, management emphasized operational discipline and a long-term target of 40% free cash flow margin by fiscal 2028.
