Palo Alto to acquire Israeli startup Koi for agentic AI security

Palo Alto Networks has entered an agreement to buy agentic endpoint security vendor Koi. Financial details were not disclosed, but some news outlets have estimated the deal is valued at around $400 million. Members of Israel’s cyber warfare and intelligence group, Unit 8200, founded Koi in 2024 to focus on building technology to protect what the company calls non-traditional, non-binary software, such as code packages, browser extensions, IDE plugins, scripts, local servers such as Model Context Servers, containers and model artifacts. These non-binary software components “are installed directly by employees and developers without centralized oversight. Because these components are not classic binaries, they often fall outside the visibility and control of traditional endpoint security tooling,” wrote Hadar Oren, senior vice president of product management for Cortex at Palo Alto Networks, in a blog post about the news. “AI agents compound this problem. They are legitimate tools that operate with the user’s credentials and permissions, enabling them to read, write, move data and take privileged actions across systems. When compromised or misused, agents become the ‘ultimate insider.’” Attackers are chaining exploits in agent frameworks — from authentication bypass to API-based remote code execution — while spoofing agent identities and hijacking credentials to weaponize trusted automation, according to Oren. “We are convinced that agentic endpoint security will soon become a standard requirement for enterprise security,” Oren wrote. After the close of the acquisition, Koi’s Agentic Endpoint Security will be integrated with Palo Alto Networks’ AI security platform, Prisma AIRS. Prisma AIRS features AI model scanning, which lets enterprises safely adopt AI models by scanning them for vulnerabilities and secure the AI ecosystem against risks such as model tampering, malicious scripts, and deserialization attacks. Posture management provides enterprises with insight into their security posture as related to the AI ecosystem and exposes risks such as excessive permissions, sensitive data exposure, platform misconfigurations, and access misconfigurations, according to Palo Alto. “We believe Palo Alto is extending its platformization strategy deeper into AI with its acquisition of Koi as it can offer control and visibility of AI agents, plug-ins, and nontraditional software that have privileged access abilities on an endpoint. In our view, this deal builds on Palo Alto’s recent acquisition of Chronosphere in the observability space as it allows the company to pair richer AI data with new controls,” wrote Jonathan Ho, a research analyst with William Blair Equity Research, in a report on the deal. “We believe this should help Palo Alto better secure the lifecycle around AI from infrastructure and data to agents and endpoints, and we view this deal as the latest in Palo Alto’s moves to benefit from AI spending and security…it broadens Palo Alto’s coverage of risks around AI on endpoints, which should put the company in a better competitive position for the future as endpoint security evolves to include the governance of AI agents and autonomous workloads on those endpoints,” Ho stated. Ho said Koi’s technology competes with CrowdStrike, Microsoft, SentinelOne and others. The Koi deal comes just one week after Palo Alto closed its acquisition of CyberArk, which also tackles the protection of enterprise AI assets. In a blog about the CyberArk deal, World Wide Technologies stated: “It raises the bar for AI security. “Every vendor is claiming ‘AI security.’ Most of it is detection, guardrails, and posture. But the AI era introduces a new identity class: agentic processes that can initiate actions, call tools, use credentials, and persist across workflows. If AI agents are granted privileges, then the question becomes: Who governs the privilege of an agent that never sleeps?” WWT stated. “CyberArk has been messaging identity security for AI agents and non-human identities; Palo Alto is explicitly tying the acquisition to securing “human, machine, and AI identities” at scale. Whether the market fully agrees yet doesn’t matter. This acquisition forces the conversation into the open,” WWT stated.