Palo Alto's $400M Koi Bet Tackles the 'Ultimate Insider' Threat of AI

SANTA CLARA, CA – February 17, 2026 – Cybersecurity giant Palo Alto Networks today announced a definitive agreement to acquire Koi, a pioneer in a new and rapidly emerging security field, for a price reported to be approximately $400 million. The acquisition targets what the companies call the “Agentic Endpoint”—the burgeoning ecosystem of AI agents, plugins, and automated tools that have become integral to modern work but operate largely beyond the reach of traditional security.

This strategic move aims to address a critical vulnerability in the enterprise: the AI tools that employees are increasingly using to boost productivity. These agents often possess deep access to sensitive corporate data and systems, acting as “ultimate insiders” with permissions that can be exploited by attackers. With the acquisition of Koi, Palo Alto Networks is making a significant bet that securing these AI agents is the next major frontier in cybersecurity, a move that could redefine endpoint protection for the AI-native era.

The New Imperative: Agentic Endpoint Security

The rise of generative AI has created a dangerous paradox. While AI agents promise unprecedented productivity gains, they also introduce a novel and unmanaged attack surface. Unlike traditional malware, which often involves a malicious file, the threat from AI agents is far more subtle and profound. These agents are not just files; they are active processes that can read, write, move data, and execute commands, often with elevated privileges.

This new reality has rendered conventional security measures, built to find and block bad files, largely ineffective. The industry is now grappling with a host of new threats, including:

• Prompt Injection: Attackers can feed malicious instructions to an AI agent, tricking it into performing unauthorized actions or leaking sensitive data.
• Identity and Token Compromise: AI agents rely on API keys and access tokens to function. If these are stolen, attackers can impersonate the agent and gain access to all the systems it is connected to.
• Shadow AI: Employees and departments often adopt AI tools without IT oversight, creating a massive blind spot for security teams who have no visibility into what data these unsanctioned agents are accessing or what actions they are taking.

This evolving threat landscape has created what Palo Alto Networks calls a “critical new blind spot,” necessitating a new category of protection: Agentic Endpoint Security. It’s a paradigm shift from securing static endpoints to governing dynamic, autonomous agents.

“AI agents and tools are the ultimate insiders. They have full access to your systems and data, but operate entirely outside the view of traditional security controls,” said Lee Klarich, Chief Product & Technology Officer at Palo Alto Networks, in the press release announcing the deal. “By acquiring Koi, we will be closing this gap and setting a new standard for endpoint security.”

A Strategic Bet on Platformization

The acquisition of Koi is more than just a technology purchase; it is a cornerstone of Palo Alto Networks' broader “platformization” strategy. The company has been aggressively consolidating security functions into a single, integrated platform, and the Koi deal extends this strategy directly into the heart of the AI revolution. For Koi, which had raised $48 million in funding, the reported $400 million acquisition represents a remarkably swift and successful exit for its founders and investors.

Following the close of the transaction, Koi's technology will be woven into two of Palo Alto Networks' flagship platforms. It will extend Prisma AIRS™, the company's AI security platform, to provide broader coverage for AI-driven operations. Simultaneously, it will enhance the Cortex XDR® endpoint security solution, providing crucial visibility into the AI attack surface to improve threat detection and security policies.

This move follows other significant AI-focused acquisitions by the cybersecurity leader, including the $3.35 billion purchase of observability firm Chronosphere in late 2025 and the massive $25 billion acquisition of CyberArk. Together, these deals signal a concerted effort to build a comprehensive security ecosystem that can protect the entire lifecycle of AI in the enterprise—from the underlying infrastructure and data to the agents operating on the endpoint.

Racing to Close the AI Security Gap

Palo Alto Networks is not alone in recognizing the urgency of this new threat landscape. The entire cybersecurity industry is scrambling to address the risks posed by AI. Market research indicates that while over 80% of organizations are already using AI agents, less than half have security policies in place to govern them. This chasm between adoption and protection represents a massive market opportunity and a critical security imperative.

Competitors like CrowdStrike, Microsoft, and SentinelOne are also developing AI-centric solutions, while a new generation of startups is emerging to tackle specific aspects of AI security. Analyst firms are validating the trend, with firms like Forrester and IDC creating new frameworks like the “AEGIS Framework” to help organizations govern AI agents, recognizing that a “trust-first” approach is needed for these automated systems.

In this competitive race, the Koi acquisition positions Palo Alto Networks as a first-mover in defining the Agentic Endpoint Security category. The goal is to provide organizations with the confidence to deploy agentic tools by making them secure by design.

“We founded Koi to secure the next frontier of risk. In an agentic-first world, traditional solutions are blind,” stated Amit Assaraf, CEO and Co-Founder of Koi. “Joining forces with Palo Alto Networks will allow us to scale our technology to the world's largest organizations, delivering protection that makes work on the modern AI-native endpoint secure by design.”

As enterprises continue their rapid adoption of AI, the ability to see, govern, and protect the agents carrying out automated work will become a non-negotiable aspect of corporate security. This acquisition signals that the battle to secure the future of work has officially begun.