Palo Alto Networks has entered a definitive agreement to acquire Koi, a pioneering Israeli startup in agentic endpoint security, addressing critical gaps in AI-driven environments. Announced on February 16-17, 2026, this move targets visibility and protection for AI agents that operate like insiders on endpoints.
What is Agentic Endpoint Security?
Koi specializes in securing non-binary software such as AI agents, plugins, scripts, browser extensions, and local servers that bypass traditional controls.Founded in 2024 by IDF Unit 8200 alumni—previously behind Canonic (acquired by Zscaler)—Koi protects over 500,000 endpoints for Fortune 50 firms and financial institutions.
Traditional endpoint tools are “blind” to these autonomous components, which employees install without oversight, creating new attack surfaces.
Deal Highlights and Timeline
The acquisition, estimated at $400 million by reports (though undisclosed officially), follows Palo Alto’s massive spree: $25B CyberArk, $3.35B Chronosphere, and $500M Protect AI—all in 2025-2026. Koi raised $48M, including a $38M Series A backed by Team8, NFX, and Battery Ventures.
Regulatory approvals are pending; more details emerged on Palo Alto’s Q2 FY2026 earnings call on February 17.
Strategic Integration and Quotes
Koi’s platform will enhance Prisma AIRS (AI security) for broader AI operations coverage and Cortex XDR for better malware prevention and policy enforcement.
Lee Klarich, Palo Alto’s Chief Product Officer, emphasized AI agents as the “ultimate insiders” needing governance.[ from prior] Amit Assaraf, Koi CEO, stated: “We founded Koi to secure the next frontier of risk. Joining forces with Palo Alto Networks will allow us to scale our technology to the world’s largest organizations.”
Why It Matters for Cybersecurity Pros
This defines “agentic endpoint security” as the next frontier, amid rising AI-native risks in enterprise endpoints.For analysts tracking threats, it signals Palo Alto’s aggressive push into AI supply chain and endpoint visibility—critical as autonomous tools proliferate.Expect integrations to roll out post-close, strengthening defenses against evolving malware tactics.
Pingback: TheCyberThrone CyberSecurity Newsletter Top 5 Articles – February 2026 – TheCyberThrone