Why Palo Alto's $400M Koi Acquisition Signals a New Security Imperative


Traditional endpoint security measures and tools were built around the assumption of human actors, rendering them ineffective in modern environments. Organizations often extend implicit trust to developer tooling and third-party software rather than dedicating resources to managing that trust more thoroughly.

AI-driven agents operating with privileged access represent a categorically different risk, as they are given permissions to act autonomously within enterprise systems, presenting outsized risk that organizations are unequipped to handle. The recent acquisition of Koi by Palo Alto Networks demonstrates an industry leader’s intent to build the necessary capacity for addressing these modern risks.

One Malicious Extension, One Exposed Industry Blind Spot

Before the company was founded, the founders of Koi demonstrated a supply chain vulnerability through a developer marketplace exploit, showing how a malicious extension could be introduced and exposing the failure of organizations to sufficiently monitor third-party software. This demonstration revealed a significant monitoring gap in enterprise software intake, showing that many security and monitoring tools used by organizations fall short against modern threats.

The founding of Koi followed naturally from this intelligence as questions arose regarding the source of the discovered vulnerability and the steps that could be taken to secure software against such flaws in the future. The leap from vulnerability research to product thesis only required the founders to realize the importance of securing the software that secures the enterprise.

What Koi Built—and Why It’s Worth $400M

The value of the company comes from the capabilities of the technology and the quick growth of its recognition among industry peers and investors. Koi established a control-layer architecture including inventory management, real-time risk analysis, and automated enforcement. It also introduced an AI-based detection engine for threats that traditional signature-based security tools are unable to surface.

The company rapidly rose to be worth $400 million due to the conviction of investors like Team8, NFX, and Battery Ventures. Koi’s September 2025 Series A round raised $38 million, signaling the significance of the market timing and widespread acknowledgment of the company’s value within the industry.

Agentic AI as Attack Surface

The growth of Koi and the acquisition by Palo Alto Networks are driven by the recent boom in agentic AI adoption. Autonomous AI agents are separated from earlier generations of automated tooling by their ability to act alone within enterprise systems, often with extreme privileges. Modern coding agents have an outsized access profile, with persistent sessions, critical system reach, and the ability to view, edit, and even destroy sensitive data.

The proliferation of tools like vibe coding platforms outpaces current security governance models as organizations continue to use agentic and generative AI for crucial operations without ensuring sufficient governance and security beforehand. “These agents operate with access to critical systems and sensitive data, creating the ultimate insider threat,” says Lee Klarich, Chief Product & Technology Officer of Palo Alto Networks. “With the acquisition of Koi, we are delivering the only solution I've seen to secure vibe coding and agentic AI at the endpoint, so our customers don't have to choose between innovation and security.”

Agentic Endpoint Security and the Single Control Plane Bet

Palo Alto Networks frames Agentic Endpoint Security (AES) as a distinct, necessary layer beyond EDR and supply chain security, underlining the importance of agentic safety. Integrating Koi into Prisma AIRS and Cortex XDR will enable Palo Alto Networks to extend visibility to AI operating at the endpoint.

The strategic decision to continue the availability of Koi as a standalone offering signals Palo Alto Networks’ dedication to benefiting every customer with this acquisition. This sends a message about how the company values the creation of the AES category vs. platform lock-in. The company is taking steps to ensure a balance between the growth of the new security category and customer retention in the ecosystem.

Palo Alto's Israeli Acquisition Strategy

This deal is in line with a long-term trend of Palo Alto Networks acquiring Israeli companies, with twelve Israeli acquisitions since 2014. This number constitutes half of the company’s significant global deals within that time period. From the 2014 acquisition of Cyvera to the most recent Koi acquisition, each addition to the Palo Alto Networks team has extended the portfolio into a new attack surface domain, expanding the company’s capabilities. Consistent investment in Israeli cyber talent reveals that Palo Alto Networks sees this as the frontier in cybersecurity.

The Readiness Gap

This acquisition works toward addressing an industry-wide issue regarding organizations being unprepared for the current and continuing rapid adoption of AI tools and agents in enterprise environments. The past several years have demonstrated an extreme AI explosion that many organizations are taking advantage of without sufficiently establishing governance and security policies. Enterprises must understand the ongoing AI security issue before the AES category matures.

The disconnect between current AI tool adoption rates and enterprise security posture is significant, creating major risks for companies implementing AI tools and agents. CISOs should now be evaluating agent inventory, privilege scope, and behavioral monitoring baselines. Organizations face extreme challenges in governing tools that procurement, IT, and security teams all interact with in different ways.

The Security Industry's Agentic Reckoning

This acquisition is a leading indicator of a broader market shift, rather than an isolated deal. The competitive pressure on legacy endpoint vendors to respond to the agentic threat model is growing as more and more enterprise customers come to understand the importance of modern security measures to address modern threats. The way that the industry defines and enforces accountability for AI agents will shape enterprise risk in the coming decade.

Author
  • Contributing Writer, Security Buzz
    PJ Bradley is a writer from southeast Michigan with a Bachelor's degree in history from Oakland University. She has a background in school-age care and experience tutoring college history students.