Palo Alto Networks Acquires Israeli Startup Koi for Agentic AI Security

Cybersecurity giant Palo Alto Networks announced its acquisition of Israeli startup Koi for $400 million on February 17, 2026, marking a strategic move into agentic AI security. This acquisition comes just days after the company completed its massive $25 billion purchase of CyberArk, demonstrating an aggressive expansion strategy. Autonomous AI agents now operate with unprecedented freedom inside corporate networks, yet traditional security systems struggle to monitor them effectively.

The Palo Alto Networks Acquires Koi deal represents more than just another corporate acquisition—it’s a bet on the future of enterprise security. AI agents have become the ultimate insider threats because they have full access to your systems and data, but operate entirely outside the view of traditional security controls. Organizations deploy these autonomous tools to improve efficiency, but few possess proper governance frameworks to secure them.

Market analysts believe this Israeli AI security startup acquisition signals a fundamental shift in how enterprises must protect themselves. Nearly 48% of cybersecurity professionals identify agentic AI and autonomous systems as the top attack vector heading into 2026, according to a Dark Reading readership poll. That statistic underscores the urgency behind this strategic transaction.

Understanding Why Palo Alto Networks Buys AI Startup Capabilities

Palo Alto Networks Koi acquisition makes financial sense when you examine the deal structure. The one-year-old company raised just $48 million to date, primarily in a $38 million Series A round last September, making this exit exceptionally lucrative. Among the biggest beneficiaries are the founders—CEO Amit Assaraf, CTO Idan Dardikman, and CPO Itay Kruk—alongside investors including Battery Ventures, NFX, Team8, and Picture Capital.

What makes this startup special? Founded in 2024 by alumni of the IDF’s elite 8200 Intelligence Corps technology unit, these security experts discovered a massive vulnerability early on. They uncovered a major security gap in the VSCode Marketplace, and within a week, they’d manage to infect over 300 organizations worldwide, including multi-billion-dollar companies and even a national court network.

That white-hat experiment proved how easily malicious code could spread through developer tools. The discovery led them to build ExtensionTotal, which evolved into Koi’s comprehensive security platform. Their Supply Chain Gateway serves as a central checkpoint for all incoming software, providing software inventory management, real-time risk analysis, automatic policy enforcement, and proactive blocking of dangerous code.

The platform addresses what security experts call “non-traditional, non-binary software”—components like code packages, browser extensions, IDE plugins, scripts, and AI model artifacts. Employees and developers install these directly without centralized oversight. Koi currently protects over 500,000 endpoints globally, with deployments across Fortune 50 companies and major financial institutions.

The Growing Threat Landscape Driving Agentic AI Cybersecurity Solutions

Agentic AI cybersecurity solutions have become essential because autonomous systems operate fundamentally differently than traditional software. Agentic AI refers to systems that can plan tasks, make decisions, and take actions without continuous human direction, marking a shift from models that respond to prompts to systems that operate as autonomous workers.

Why does this distinction matter so much? Traditional security tools were built to detect anomalies in human behavior. An agent that runs code perfectly 10,000 times in sequence looks normal to these systems, but that agent might be executing an attacker’s will. Your SIEM and EDR tools simply weren’t designed for this threat model.

Organizations face unprecedented risks in this environment. A reported 79% of organizations are already deploying AI agents, yet most lack proper security frameworks. Even more alarming, only 10% of respondents report having a well-developed strategy for managing their non-human and agentic identities, according to an Okta survey.

Recent events highlight this urgency dramatically. In September 2025, Anthropic detected suspicious activity determined to be a highly sophisticated espionage campaign where attackers used AI’s “agentic” capabilities to an unprecedented degree. A Chinese state-sponsored group manipulated Claude Code tool into attempting infiltration of roughly thirty global targets.

The sheer amount of work performed by the AI would have taken vast amounts of time for a human team, researchers noted. At attack peak, the AI made thousands of requests, often multiple per second—attack speeds that would have been impossible for human hackers to match.

How Palo Alto Networks Security Strategy Evolved Through Acquisitions

The Palo Alto Networks security strategy centers on what CEO Nikesh Arora calls “platformization”—consolidating multiple security functions into integrated platforms. The recent closing of the CyberArk deal on February 11, 2026, officially added “Identity” as the fourth pillar, alongside Network (Strata), Cloud (Prisma), and SOC (Cortex).

This aggressive acquisition strategy continues a pattern. Throughout 2025, Palo Alto Networks completed purchases of Chronosphere for $3.35 billion and Protect AI for $500 million, in addition to the massive CyberArk transaction. The company spent over $28 billion on acquisitions, fundamentally reshaping its product portfolio.

Just hours before announcing Q2 2026 earnings, the company signaled its continued hunger for growth by announcing the acquisition of Koi, suggesting that Palo Alto Networks is doubling down on securing the “AI workforce”—the millions of autonomous agents now operating within corporate networks.

Arora emphasized during his December 2025 Israel visit that the rapid changes AI technologies are bringing to the cybersecurity sector have created a need to consolidate endpoint solutions, including XDR and EDR offerings. The acquisition of Palo Alto Networks Koi aligns directly with this strategic focus.

Technical Integration and the Future of Agentic AI Security

After the close of the acquisition, Koi’s Agentic Endpoint Security will extend to Palo Alto Networks’ Prisma AIRS, its leading AI security platform, broadening coverage across critical AI-driven operations. Concurrently, the integration will enhance Cortex XDR’s endpoint security solution, providing significant visibility into the AI attack surface.

At the heart of Koi’s technology is Wings, an AI engine that classifies software components, tests them in isolated environments, and identifies threats that traditional scanners often miss. This capability allows security teams to control software installation proactively rather than reacting after breaches occur.

The platform’s approach differs fundamentally from legacy tools. These non-binary software components often fall outside the visibility and control of traditional endpoint security tooling, creating massive blind spots. AI agents compound this problem because they operate with user credentials and permissions, enabling them to read, write, move data, and take privileged actions across systems.

Market analyst Andrew Ho from Mizuho Securities explained that this deal builds on Palo Alto’s recent acquisition of Chronosphere in the observability space, allowing the company to pair richer AI data with new controls. It broadens Palo Alto’s coverage of risks around AI on endpoints, putting the company in a better competitive position.

Market Implications and Competitive Landscape

The future of agentic AI security represents a multi-billion dollar market opportunity. Organizations can capture value ranging from $2.6 trillion to $4.4 trillion annually across more than 60 gen AI use cases, according to McKinsey research. However, realizing this potential requires complete visibility and control over endpoints where these agents operate.

Competition in this space is intensifying rapidly. Ho noted that Koi’s technology competes with CrowdStrike, Microsoft, SentinelOne and others, as major vendors race to secure AI-related capabilities through acquisitions and internal development.

The deal represents part of a larger trend. The transaction is another among a trend of larger cybersecurity industry companies buying AI-focused security startups, as enterprises scramble to address security blind spots created by autonomous AI agents.

Palo Alto Networks provides comprehensive AI-powered security solutions across network, cloud, security operations and AI, enhanced by the expertise and threat intelligence of Unit 42. Their focus on platformization allows enterprises to streamline security at scale, creating potential competitive advantages over point solution providers.

Enterprise Challenges in Deploying Agentic AI Cybersecurity Solutions

Organizations face significant deployment challenges when implementing agentic AI cybersecurity solutions. Security leaders must rethink their entire approach because enterprise cybersecurity frameworks—such as ISO 27001, NIST CSF, and SOC 2—focus on systems, processes, and people but do not yet fully account for autonomous agents that can act with discretion and adaptability.

The complexity goes beyond traditional security concerns. In a sense, onboarding a fleet of AI-powered autonomous agents is more like onboarding a new employee than a new technology, according to IBM research. Executives surveyed about their AI adoption cite “cybersecurity concerns” and “lack of trust in AI agents” as chief among their worries.

Real risks have already materialized for many organizations. Already, 80 percent of organizations say they have encountered risky behaviors from AI agents, including improper data exposure and access to systems without authorization. These aren’t hypothetical scenarios—they’re happening now in production environments.

The visibility problem compounds these challenges significantly. Only 54 percent of professionals are fully aware of the data their agents can access, meaning that nearly half of enterprise environments remain unaware of interactions between AI agents and critical information.

However, opportunities exist for organizations that move quickly. The rise of agentic AI is not only a threat, but also a major opportunity, as autonomous agents can help organizations move from 95-98 percent compliance to near-perfect coverage by automatically reasoning through failure cases humans often miss.

Strategic Value and Long-Term Impact of Palo Alto Networks Acquires Koi

The strategic value of Palo Alto Networks Acquires Koi extends far beyond immediate product capabilities. Palo Alto is positioning itself to be the “guardrails” for the corporate AI revolution, a role that could provide a decade of sustained growth if the “Agentic AI” boom continues at its current pace.

The timing proves prescient. As more companies deploy their own LLMs (Large Language Models), the need for “Prisma AIRS” (AI Runtime Security) is expected to skyrocket, creating massive market opportunities. Organizations worldwide need comprehensive frameworks for governing AI tools they’ve deployed at breakneck speed.

Industry experts view this acquisition as defining. Palo Alto Networks and Koi describe their approach moving forward as “Agentic Endpoint Security,” built around visibility into AI-related software, continuous risk analysis, and real-time policy enforcement. The language suggests an attempt to define a new product category at a moment when enterprises still decide how to govern AI tools.

The broader implications extend beyond technology considerations. This acquisition marks what could become a defining moment in cybersecurity’s evolution, as AI agents transition from experimental tools to standard business infrastructure. Companies that secure them effectively will shape how enterprises operate in an autonomous future.

Key Takeaways for Security Leaders

Security professionals must act now to address these emerging threats. The Palo Alto Networks Acquires Koi transaction demonstrates that major vendors recognize agentic AI security as a critical priority requiring immediate investment and attention.

Organizations should begin by gaining visibility into AI tools and agents already operating in their environments—including shadow AI that employees may have adopted without IT approval. From there, implementing data-layer security with zero-trust governance that applies consistently to both human and non-human identities becomes essential.

The deployment of Agentic AI cybersecurity solutions requires new frameworks explicitly accounting for autonomous agents. Organizations can revise their risk taxonomy to explicitly account for the novel risks introduced by agentic AI, updating risk assessment methodologies to measure threats within agentic systems.

The future of agentic AI security will separate organizations that took threats seriously from those that became proof-of-concept casualties. As enterprises rush to deploy autonomous agents for competitive advantage, security cannot become an afterthought. The window for implementing proactive measures is closing rapidly, and reactive security costs far exceed proactive investment.

---

Frequently Asked Questions

What is the Palo Alto Networks Acquires Koi deal worth and when was it announced?

Palo Alto Networks Acquires Koi for approximately $400 million, announced on February 17, 2026. The acquisition comes just days after Palo Alto completed its $25 billion purchase of CyberArk, demonstrating an aggressive expansion into AI security capabilities.

Why did Palo Alto Networks buy this Israeli AI security startup?

Palo Alto Networks buys AI startup Koi to address a critical security gap where AI agents operate with full system access but outside traditional security controls. The acquisition brings specialized technology for protecting non-binary software like browser extensions, AI models, and scripts that employees install without centralized oversight, currently protecting over 500,000 endpoints globally.

What makes Agentic AI cybersecurity solutions different from traditional security tools?

Agentic AI cybersecurity solutions must protect autonomous systems that can plan tasks, make decisions, and take actions without human direction. Traditional security tools detect human behavioral anomalies, but AI agents that execute thousands of tasks at machine speed appear normal to these systems, creating massive blind spots that require specialized protection frameworks.

How does this acquisition fit into Palo Alto Networks security strategy?

The Palo Alto Networks security strategy centers on “platformization”—consolidating security functions into integrated platforms. Koi’s technology will integrate with Prisma AIRS (AI security platform) and enhance Cortex XDR (endpoint security), adding Identity as the fourth pillar alongside Network, Cloud, and SOC after spending over $28 billion on acquisitions throughout 2025-2026.

What percentage of organizations are deploying AI agents without proper security?

A reported 79% of organizations already deploy AI agents, yet only 10% have well-developed strategies for managing non-human identities. More concerning, 48% of cybersecurity professionals identify agentic AI as the top attack vector for 2026, while 80% of organizations have encountered risky behaviors from AI agents, including improper data exposure.

How will the future of agentic AI security impact enterprise operations?

The future of agentic AI security will fundamentally reshape enterprise operations as organizations can capture $2.6 trillion to $4.4 trillion in annual value across gen AI use cases. However, realizing this potential requires complete visibility and control over endpoints where autonomous agents operate, with proper governance frameworks that most organizations currently lack.

What are the main competitors in the Agentic AI cybersecurity solutions market?

Koi’s technology competes with major vendors including CrowdStrike, Microsoft, and SentinelOne. The competitive landscape is intensifying rapidly as larger cybersecurity companies race to acquire AI-focused security startups, recognizing that Agentic AI cybersecurity solutions represent a critical capability gap that traditional endpoint protection cannot address effectively.