Palo Alto Networks Acquires Israeli AI Security Startup Koi Security for $400M

Palo Alto Networks has agreed to acquire Israeli cybersecurity startup Koi Security for approximately $400 million, according to a report by Israeli business publication Globes. The deal marks the cybersecurity giant's latest move to bolster its endpoint security capabilities with AI-powered threat detection.

Who Is Koi Security?

Koi Security is an Israeli endpoint security company that uses large language models (LLMs) and AI agents to detect malware hidden in applications and browser extensions. The company's technology scans apps and extensions across major platforms including VSCode, Chrome, Edge, Firefox, NPM, and Homebrew.

The company was founded by Amit Assaraf (CEO), Idan Dardikman (CTO), and Itay Kruk (CPO). The relatively young company had raised only $48 million in funding from investors including Battery Ventures, NFX, Team8, and Picture Capital, making the ~$400M acquisition price a significant return for early backers.

Why This Acquisition Matters

The deal comes less than a week after Palo Alto Networks completed its massive $25 billion acquisition of CyberArk, signaling an aggressive consolidation strategy in the cybersecurity space. By acquiring Koi Security, Palo Alto adds a critical capability: AI-native detection of threats that slip through traditional security layers via everyday software tools.

The Growing Threat of Malicious Extensions

Browser extensions and development tool plugins have become an increasingly popular attack vector. Malicious actors disguise malware as legitimate Chrome and VSCode extensions and as packages for package managers like NPM. Traditional signature-based detection often misses these threats because they evolve rapidly and use obfuscation techniques.

Koi Security's approach — using LLMs to analyze code behavior and AI agents to continuously monitor for suspicious patterns — represents a next-generation solution to this problem.

Palo Alto's AI Security Strategy

Palo Alto Networks has been investing heavily in AI-powered security. The Koi Security acquisition adds specialized endpoint protection capabilities that complement the company's existing portfolio:

  • Cortex XDR — Extended detection and response platform
  • Prisma Cloud — Cloud-native security
  • CyberArk — Identity security (recently acquired for $25B)
  • Koi Security — AI-powered app/extension malware detection

The Israeli Cybersecurity Pipeline

The acquisition further cements Israel's position as a cybersecurity powerhouse. Israeli startups continue to attract major acquisitions from global security leaders, with Palo Alto Networks being one of the most active acquirers in the space.

For Koi Security's investors, the deal represents a strong outcome. With only $48M raised, a ~$400M exit delivers roughly an 8x return — a notable result in a market where many startups struggle to reach profitability.

The Bottom Line

Palo Alto Networks' rapid-fire acquisitions — $25B for CyberArk followed immediately by ~$400M for Koi Security — paint a clear picture of where enterprise security is heading: AI-native, identity-aware, and embedded at every endpoint. As software supply chain attacks grow more sophisticated, the ability to use AI to detect threats in the tools developers and users rely on daily is becoming table stakes.