Palo Alto Networks is reportedly exploring the acquisition of Israeli cybersecurity startup Koi in a deal valued at around $400 million, according to a report by CTech. The discussions, which have not been confirmed by either company, highlight the continued consolidation taking place across the global cybersecurity market.
Koi is a young but fast growing player in endpoint and software supply chain security. Founded in 2024, the company focuses on protecting organizations from hidden risks in development tools, extensions, and third party software components. Despite being just one year old, Koi already claims to protect more than 500,000 endpoints worldwide, indicating rapid adoption among large enterprises.
The reported talks come at a time when Palo Alto Networks has been actively expanding its security portfolio through acquisitions. CEO Nikesh Arora recently visited Israel, where he met with CyberArk employees ahead of the completion of Palo Alto Networks’ $25 billion acquisition of the identity security company. During the same visit, he is also said to have evaluated several local cybersecurity startups as potential acquisition targets.
A Rapid Growth Story in Endpoint Security
For Koi’s founders and investors, the reported deal would represent an unusually fast success. The company was founded by former members of Israel’s elite intelligence unit 8200: Amit Assaraf, who serves as chief executive officer, Idan Dardikman, the chief technology officer, and Itay Kruk, the chief product officer. Since its launch, Koi has raised $48 million in total funding, including a $38 million Series A round completed in September.
Koi’s origin story is closely tied to a real world security incident. The founders uncovered a serious vulnerability in the Visual Studio Code Marketplace, one of the most widely used platforms for developer extensions. To demonstrate the risk, they published a fake theme extension called “Darcula Official,” which secretly transmitted source code and system information back to their servers.
The experiment revealed the scale of the problem. Within a week, the extension had compromised more than 300 organizations globally, including large enterprises, a major endpoint detection and response vendor, and a national judicial network. The findings led the team to create ExtensionTotal, a tool designed to identify and assess risky extensions. This tool later evolved into Koi’s broader commercial platform.
Platform Combines Supply Chain and Endpoint Protection
At the core of Koi’s offering is its Supply Chain Gateway, a platform that combines software inventory visibility, risk analysis, policy enforcement, and automated blocking of malicious or vulnerable code. The system is designed to address threats that enter environments through trusted development tools and third party components rather than traditional malware.
The platform is powered by an internal engine called Wings, which analyzes software components and ranks them based on potential security risks. This approach reflects a growing focus in cybersecurity on software supply chain attacks, which have become more frequent and more difficult to detect.
Koi positions its technology as bridging extended detection and response and endpoint detection and response within a single platform. The company reports that its technology is already deployed at Fortune 50 companies, major financial institutions, and large technology firms, suggesting that the platform has reached a level of operational maturity despite its short history.
Consolidation Continues Across Cybersecurity
The reported Koi talks fit into a broader acquisition strategy at Palo Alto Networks. In 2025, the company demonstrated a strong appetite for deals, completing several large acquisitions aimed at building a unified, integrated security platform. Alongside the CyberArk transaction, Palo Alto Networks acquired cloud monitoring firm Chronosphere for $3.35 billion and Protect AI for $500 million.
While similar acquisition rumors in the past have not always materialized, neither Palo Alto Networks nor Koi has denied the current report. If confirmed, the deal would further underline the strategic value of supply chain and endpoint security as enterprises seek broader, more integrated cyber defense platforms.
