Following rumors, Palo Alto Networks’ planned acquisition of Koi appears to be a reality. At least, the two parties have announced the intent to come together. It was previously suggested that the acquisition price would be around $400 million, but no amount was mentioned in the announcement.
The One-year-old Israeli security company Koi specializes in endpoint security, with 500,000 of these endpoints already being secured by the company’s software. This makes it a rapidly growing security player.
In addition, there is currently a lot of consolidation taking place within the security market. Palo Alto Networks CEO Nikesh Arora also visited Israel last month to meet with CyberArk employees before the $25 billion acquisition is completed. At the same time, he is said to have evaluated local startups for possible deals. Koi appears to have been one of them.
For investors and founders, a definitive acquisition would ultimately mean a very quick success story. Koi was only founded in 2024 by alumni of the Israeli intelligence unit 8200: Amit Assaraf (CEO), Idan Dardikman (CTO), and Itay Kruk (CPO). The company has raised only $48 million to date, mainly through a $38 million Series A round in September.
From hack experiment to company
Koi’s origins are also remarkable. The founders discovered a major security leak in the VSCode Marketplace. To prove the risk, they built a fake theme extension called “Darcula Official.” That extension secretly sent source code and machine information to their server. Within 30 minutes, it was live on the marketplace.
The damage was surprisingly extensive. Within a week, they had infected more than 300 organizations worldwide, including multi-billion dollar companies, one of the world’s largest EDR developers, and a national judicial network. The experiment led to “ExtensionTotal,” a tool for detecting risky extensions. This subsequently grew into Koi’s broader security platform.
The central component of Koi is called Supply Chain Gateway, which combines software inventory management, risk analysis, policy enforcement, and automatic blocking of dangerous code. Under the hood, it runs Wings, which tests software components and ranks them according to potential dangers.
XDR and EDR in one platform
Koi’s platform is already running at Fortune 50 companies, large financial institutions, and leading tech companies. This demonstrates that there is significant market demand and that the platform is operationally mature.
The potential Koi acquisition is no exception. Palo Alto Networks showed an unprecedented appetite for acquisitions in 2025. After completing the $25 billion CyberArk deal, it acquired Chronosphere for $3.35 billion and Protect AI for $500 million. The focus is on building an integrated security platform in which all components work together seamlessly.