Palo Alto Networks Poised To Drop $400 Million On Israeli Cyber Upstart

Published on January 04, 2026

Palo Alto Networks is circling one-year-old Israeli cybersecurity startup Koi in a potential acquisition that industry reports peg at roughly $400 million. If the talks result in a signed deal, the buyout would give the Santa Clara company an extra boost in endpoint and software supply chain defenses at a time when AI is reshaping how organizations secure developer tools and third-party packages.

Deal Reported By Israeli Outlets

The talks first surfaced in Israeli business media, with CTech reporting that Palo Alto Networks is in negotiations to acquire Koi for about $400 million and that CEO Nikesh Arora visited Israel last month to meet with local teams. Globes adds that a preliminary memorandum of understanding has already been signed as both sides work through final terms.

How Koi Got Here

Koi was founded in 2024 by Amit Assaraf, Idan Dardikman and Itay Kruk and has raised about $48 million so far, including a $38 million Series A round last September, according to a company release. Backers include Team8, NFX, Battery Ventures and Picture Capital, investors who would be looking at a remarkably quick exit if the Palo Alto Networks talks end in a sale.

The VSCode Experiment That Raised Alarms

The founding team made an early splash with a controlled stunt in the Visual Studio Code marketplace. They uploaded a fake theme called “Darcula Official” that, in their internal test, quietly exfiltrated source files and machine details to a server. Within days, the proof-of-concept reached hundreds of organizations and even hit the VSCode marketplace front page, according to CTech. That experiment later evolved into tooling the company now sells to detect and block risky extensions and packages.

Palo Alto's Acquisitive Playbook

Palo Alto Networks has been on an acquisition tear as it builds out AI and identity security capabilities. The company announced an agreement valued at roughly $25 billion for identity security firm CyberArk, according to a Palo Alto Networks press release, and separately unveiled a $3.35 billion deal for observability company Chronosphere, as reported by Reuters. The vendor also acquired Protect AI for about $500 million as it pushes to control more of the AI security stack, according to industry coverage.

What Koi Actually Sells

Koi's flagship product, called the Supply Chain Gateway, is marketed as a central checkpoint that inspects packages, extensions, AI models and other non-binary software before it ever hits endpoints. Under the hood, the company's Wings engine uses AI to score, sandbox and block risky items in real time, according to Koi. Company materials and press filings say the platform is already deployed at large enterprises and protects hundreds of thousands of endpoints worldwide.

What To Watch Next

For now, the numbers and terms are still unofficial as both sides run through due diligence. Globes reports that a preliminary memorandum of understanding is in place while negotiations continue. Any final transaction would be subject to the usual closing conditions and regulatory reviews, language Palo Alto Networks used when it announced its CyberArk agreement in its public materials.

If the deal closes, it would mark a lightning-fast exit for a one-year-old startup and another data point in the trend of established security giants buying specialized shops to plug AI-era security gaps. Watch for formal filings and company statements in the coming weeks.