According to TechRepublic, cybersecurity giant Palo Alto Networks is in advanced negotiations to acquire Israeli startup Koi Security for approximately $400 million. The parties have already signed a preliminary memorandum of understanding, though the deal isn’t finalized. Koi Security, founded by Amit Assaraf, Idan Dardikman, and Itay Kruk, has raised just $48 million in funding, making this a massive potential return. The company uses large language models and AI agents to scan public developer repositories like npm and the Chrome Web Store for malicious code. These talks mark Palo Alto’s first potential acquisition of an Israeli firm since founder Nir Zuk stepped down as CTO last year. Major backers like Battery Ventures and NFX stand to gain from a notable liquidity event in Israel’s tech sector.
Why this deal matters now
Here’s the thing: this isn’t just another startup acquisition. It’s a signal. The Israeli tech scene, especially cybersecurity, has been in a bit of a slump for the last couple of years. Fundraising and exits slowed down. So a near-half-billion-dollar deal from a titan like Palo Alto Networks? That’s a big vote of confidence. It tells the market that there’s still serious value and innovation coming out of that ecosystem, even in a tougher climate.
And the timing is interesting, right? It comes just after Nir Zuk, Palo Alto’s iconic co-founder and longtime CTO with deep Israeli ties, left his role. You might think that could change their acquisition strategy. But this move suggests Palo Alto’s appetite for cutting-edge Israeli tech hasn’t dimmed. The leadership might be evolving, but the strategic playbook seems consistent.
What Koi actually does
Basically, Koi is tackling a modern nightmare for security teams: the software supply chain. Developers constantly pull in code, extensions, and packages from public marketplaces. It’s incredibly efficient, but it’s also a golden ticket for attackers to slip malware into trusted channels. Think of the SolarWinds hack, but on a more granular, daily basis.
Koi’s platform uses AI to autonomously scan these ecosystems—places like the VS Code Marketplace, Chrome Web Store, npm—looking for malicious code and vulnerabilities. It’s a proactive, AI-driven approach to a problem that traditional endpoint security often misses. You can’t protect what you can’t see, and Koi is trying to see into the very tools developers use to build everything else.
Palo’s bigger picture
For Palo Alto Networks, this is another piece in a massive expansion puzzle. They just announced a jaw-dropping $25 billion deal for CyberArk, and now they’re eyeing Koi. The message is clear: they want to be the single, comprehensive security platform for enterprises. Endpoints, cloud, identity, and now the developer pipeline itself.
Integrating Koi’s tech would let them extend their protection deeper into the software development lifecycle. That’s a smart move. As companies build and deploy software faster, the old security models are breaking. You need to shift left, and you need AI to handle the scale and complexity. Palo Alto’s leadership has been pounding the table about AI as a core pillar. Well, buying a company built from the ground up on LLMs and autonomous AI agents is one way to put your money where your mouth is.
Look, the deal isn’t done yet. Neither company is commenting. But the signing of that memo of understanding means they’re serious. If it closes, a $400 million exit on $48 million in funding is a home run for Koi’s team and investors like Battery Ventures and Team8. And for the broader industry, it’s a reminder that in cybersecurity, the race to secure the software supply chain—and the AI tools to do it—is absolutely heating up. For enterprises managing complex digital infrastructure, ensuring the integrity of every component, from the industrial panel PC on the factory floor to the code in a cloud repository, is now the paramount challenge.
