Palo Alto Networks has completed the acquisition of Koi in a deal estimated at $400 million, strengthening its push into AI security and software supply chain protection.
Koi, which raised $48 million including a $38 million Series A round, specializes in tools that monitor third-party software and protect enterprise endpoints.
Its technology will now be integrated into Palo Alto’s Prisma AIRS and Cortex XDR platforms, expanding capabilities in detecting and mitigating emerging cyber threats.
The acquisition also marks Palo Alto’s 12th Israeli cybersecurity acquisition since 2014, underscoring the country’s strategic importance in global cybersecurity innovation.
Key Highlights
- Palo Alto acquires Koi in $400M deal to boost AI security
- Targets software supply chain and AI agent risks
- Koi tech to integrate into Prisma AIRS and Cortex XDR
Also Read: Palo Alto Expands Israel Office After CyberArk Deal
Koi gained attention for a unique experiment to demonstrate vulnerabilities in developer ecosystems. Its founders released a fake Visual Studio Code extension called “Darcula Official,” which secretly transmitted developers’ source code and system data to an external server.
Within a week, it reached over 300 organizations, including a major Endpoint Detection and Response (EDR) vendor and a national court network, even appearing on the VS Code Marketplace front page.
This experiment highlighted a critical gap in traditional security approaches, which often focus on executables and operating systems while overlooking risks from non-executable components such as developer packages, IDE extensions, containers, AI models, and Model Context Protocol servers. These components vastly outnumber executable files and often remain unmanaged.
Palo Alto is positioning the acquisition under a new category called Agentic Endpoint Security (AES), aimed at protecting AI agents that can access sensitive data and systems. The company describes these agents as a potential “ultimate insider threat.”
Also Read: Palo Alto Cuts Profit Outlook After CyberArk Deal
The strategy shifts security focus upstream to the software supply chain, ensuring protection before threats reach endpoints. Koi will continue as a standalone product, capable of integrating with both Palo Alto and third-party EDR solutions.
Click Here For The Original Source.
