Palo Alto Networks acquires Koi Security for $400M to advance agentic endpoint security

Palo Alto Networks acquires file security startup Koi for reported $400M - SiliconANGLE

Palo Alto Networks acquires file security startup Koi for reported $400M Palo Alto Networks Inc. is acquiring Koi Security Ltd., a startup that helps enterprises prevent their employees from downloading risky files. The companies announced the deal today without disclosing the financial terms. According to Calcalist, the transaction is worth $400 million. Tel Aviv-based Koi previously raised $48 million from Battery Ventures and other investors. The parts of an application that can perform tasks such as modifying a database are usually stored as so-called binary files. However, binary files aren't the only type of software asset that can be found in a corporate network. There are also scripts, code editor plug-ins, browser extensions, artificial intelligence training datasets and many other files. Koi has developed a cybersecurity platform that is specifically focused on such files. The platform's first core selling point is that it can help companies block risky downloads. Developers often pull files such as AI training datasets from third-party websites. When a user navigates to a website that hosts such files, Koi replaces the download button with a "request approval" button. The platform determines whether to approve a download by evaluating a long list of factors. It checks whether the developer of a given file is associated with malicious activity and analyzes the file's code. Furthermore, Koi studies how that file behaves when it's opened by users. The platform analyzes the network traffic generated by the file and the changes that it makes to the host machine. Many files, particularly the open-source components that developers incorporate into software projects, receive updates from their publishers. Such code changes represent a potential attack vector. Koi includes a tool that detects when an update is rolled out to a file and delays its installation, which gives administrators time to search for risks. Koi monitors files after they're downloaded using a built-in threat detection engine. Risky items are displayed in a dashboard that provides remediation features. Administrators can remove a file, isolate it from the corporate network or, if the security risk relates to a recent update, roll it back to a previous version. Palo Alto Networks plans to integrate Koi's technology with its Cortex XDR and Prisma AIRS platforms. The former offering is an endpoint security product designed to protect cloud instances, employee devices and other technology assets. Prisma AIRS, in turn, has a narrower focus on protecting AI workloads.

Palo Alto Networks To Acquire 'Agentic Endpoint' Security Startup Koi

The startup offers capabilities for boosting visibility and protection for AI agent usage on endpoint devices. Palo Alto Networks announced Tuesday it has reached a deal to acquire Koi, a startup offering capabilities for boosting visibility and protection for AI agent usage on endpoint devices. Terms of the acquisition were not disclosed. A Calcalist report in January had indicated Palo Alto Networks was in discussions to acquire Koi for $400 million. [Related: Palo Alto Networks CEO: Surging 'AI Cycle' Driving Billion-Dollar Acquisitions] Koi was founded in 2024 by a team that was previously behind SaaS security company Canonic, which was acquired by Zscaler in 2023. The technology offered by Koi forms the basis for what Palo Alto Networks called the new cybersecurity category of "agentic endpoint security." The cybersecurity giant plans to integrate Koi's capabilities into its AI security platform, Prisma AIRS, the vendor said in a news release Tuesday. The Koi technology will also bolster Palo Alto Networks' endpoint security offering, Cortex XDR, through delivering greater visibility across AI attack surfaces. The result will be enhanced prevention of malware and improved adherence to security policies, the company said. In October 2025, Palo Alto Networks launched the new version of its AI security platform, Prisma AIRS 2.0, which included the full integration of capabilities from the acquisition last year of Protect AI. The update enabled Prisma AIRS to provide in-line defense against a range of AI security threats -- including prompt injection, malicious agents and tool misuse -- in real time, according to Palo Alto Networks. The acquisition deal for Koi comes a week after Palo Alto Networks completed its $25 billion acquisition of CyberArk, a deal similarly aimed at boosting the vendor's security capabilities around agentic AI. The deal also follows the completion of Palo Alto Networks' $3.35 billion acquisition of observability provider Chronosphere in late January.