Palo Alto Networks is reportedly negotiating the acquisition of Israeli endpoint security startup Koi Security in a transaction valued at around $400 million. While the deal is not yet final, a preliminary memorandum of understanding has been signed, signalling serious intent on both sides.
A milestone deal after a leadership shift
If completed, the transaction would be Palo Alto Networks’ first acquisition of an Israeli company since its founder, Nir Zuk, stepped down from his role as chief technology officer last year. The timing adds weight to the talks, suggesting a renewed appetite for deals tied closely to Israel’s deep cybersecurity talent pool.
Koi Security’s journey has been relatively capital-efficient. The company raised just $48 million across two funding rounds, yet now finds itself at the centre of a potential nine-figure exit.
The outcome would deliver strong returns for its founders, including Amit Assaraf, Idan Dardikman, and Itay Kruk, as well as early backers, including Battery Ventures, NFX, Team8, Picture Capital, and a fund backed by veteran cybersecurity executives.
Securing the software supply chain
Koi’s appeal lies in the way it tackles a growing weak point in enterprise security: third-party applications and developer extensions. Over the past two years, the founding team has built a scanning engine designed to uncover malware and hidden vulnerabilities before they spread inside organisations.
The platform continuously inspects popular application and extension ecosystems used by developers worldwide, from code marketplaces to browser extension stores and package repositories. By identifying risky components at the source, Koi’s technology helps security teams prevent threats from entering corporate environments in the first place, rather than reacting after damage is done.
Part of a broader acquisition push
The potential Koi deal would also fit neatly into Palo Alto Networks’ recent run of large-scale acquisitions. In late 2025, the company agreed to buy Chronosphere for $3.35 billion, strengthening its capabilities in modern, AI-driven application environments.
Months earlier, it unveiled plans for a roughly $25 billion acquisition of CyberArk, a move that would significantly expand its identity security footprint.
