Palo Alto Networks Moves to Secure Agentic Endpoints with Koi Deal
Palo Alto Networks has agreed to acquire Israeli startup Koi Security, marking a timely strategic push to confront the risks of AI agents operating inside corporate systems with broad access to data yet limited oversight.
Palo Alto Networks plans to integrate Koi’s technology, known as Agentic Endpoint Security, into its Prisma AIRS AI security platform and extend related capabilities into Cortex XDR, its endpoint protection suite. The goal is to give enterprises clearer visibility into which AI agents and extensions are active across a company’s many devices and virtual machines.
Palo Alto said the acquisition addresses a structural shift in how applications are built and used. For many employees, the application is no longer a single program. In their view, it is a composite of browsers, numerous extensions, third-party APIs and increasingly autonomous AI tools.
That mixed environment creates a kind of shadow infrastructure. The obvious security vulnerabilities have prompted major concerns about agentic security, which makes the Koi purchase a natural move in today’s security sector.
The terms of the deal were not disclosed, but industry experts put it at approximately $400 million.
Monitor and Govern Software on Endpoints
Koi was founded in 2024 by alumni of Israel’s Unit 8200 intelligence division. The company initially drew attention after demonstrating how a seemingly harmless extension uploaded to a popular developer marketplace could quietly extract sensitive information. That proof-of-concept exposed how unvetted extensions could enter enterprise environments.
From that experiment, Koi built a broader platform designed to monitor and govern software components installed on endpoints. Its system lists an extensive array of potential security risks, including browser extensions, plugins, AI models and other packages, and evaluates their risk profile and enforces policies before they are deployed.
Driving the platform is an AI-based analysis engine that classifies software components, tests them in controlled environments and flags suspicious behavior.
Employees often install productivity tools directly from semi-known sites, bypassing formal approval processes. While these tools may be useful, their activity may not trigger conventional endpoint detection systems, and they can introduce vulnerabilities like credential theft. In some cases, attackers impersonate legitimate automation tools or exploit weaknesses in agent frameworks to gain access to sensitive systems.
Koi’s approach shifts the emphasis from detecting malicious behavior after execution to evaluating components before they are installed. By acting as a gatekeeper for extensions and AI agents, the platform aims to reduce risk without forcing organizations to block productivity tools outright.
AI Reshapes Cybersecurity
Koi, which has raised roughly $48 million to date, says its technology currently protects more than 500,000 endpoints globally and is deployed within major financial institutions and Fortune 50 companies.
The acquisition fits into Palo Alto Networks’ larger consolidation strategy as it continues to develop its security portfolio, including acquiring CyberArk for $25 billion and a $3.35 billion deal to purchase Chronosphere. Palo Alto CEO Nikesh Arora has argued that AI is reshaping cybersecurity at a pace that requires far tighter integration of endpoint and identity protections.
For the cybersecurity community, the deal highlights that security has moved far beyond blocking malicious files, and now requires an ever more complex response to autonomous agents that move with real credential through many areas of the enterprise.
