Palo Alto Networks completes $400 million acquisition of Koi
The Israeli startup strengthens the company’s push into AI and endpoint security.
Palo Alto Networks has completed its acquisition of Israeli cybersecurity startup Koi, finalizing a deal previously estimated at around $400 million and underscoring the growing importance of securing artificial intelligence-driven systems.
Founded in 2024, Koi raised $48 million, including a $38 million Series A round last September. The acquisition represents a rapid exit for the company and its investors, which include Team8, NFX, Battery Ventures, and Picture Capital.
The deal, first announced two months ago, is also part of a broader pattern in Palo Alto Networks’ growth strategy. With Koi, the company has acquired 12 Israeli cybersecurity firms since 2014, accounting for half of its 24 significant global acquisitions over that period. These deals have supported its expansion from network security into cloud security, endpoint protection, DevSecOps, and identity management.
Previous Israeli acquisitions include Cyvera (2014), LightCyber (2017), Secdo (2018), and a series of deals in 2019 such as Twistlock, PureSec, and Demisto. More recent additions include Bridgecrew (2021), Cider Security (2022), Dig Security (2023), and Talon Cyber Security (2023). In 2025, the company completed its largest acquisition to date with the $25 billion purchase of CyberArk.
Koi was founded by veterans of Israel’s Unit 8200 and focuses on securing enterprise endpoints and software supply chains. The company emerged after its founders demonstrated how a malicious extension could be introduced into a widely used developer marketplace, exposing a gap in how organizations monitor third-party software.
Its platform acts as a control layer for incoming software, combining inventory management, real-time risk analysis, and automated enforcement to prevent harmful code from reaching endpoints. The system uses an AI-based engine to analyze software components and identify threats that may not be detected by traditional security tools.
Following the acquisition, Koi’s technology will be integrated into Palo Alto Networks’ Prisma AIRS platform, extending security coverage to AI-driven tools operating at the endpoint. It will also enhance the company’s Cortex XDR offering by improving visibility into risks associated with AI-based software.
Palo Alto Networks has described this approach as a new category of “Agentic Endpoint Security,” aimed at addressing risks created by autonomous software systems. As organizations increasingly deploy AI tools capable of acting independently, these systems are gaining access to sensitive data and critical infrastructure, creating new challenges for traditional security frameworks.
