Koi Security
Last updated: May 8, 2026
Koi Security built an agentic endpoint security platform for governing AI agents, MCP servers, code packages, browser extensions, apps, AI models, and other endpoint software that traditional EDR and MDM tools often miss. Palo Alto Networks completed its acquisition of Koi in April 2026.
Visit WebsiteCompany Overview
Koi Security developed a focused security platform for a structural shift in endpoint risk: modern endpoints are no longer defined only by operating systems, binary executables, and managed applications. Developers and business users now install browser extensions, IDE plugins, open-source packages, app-store add-ons, local AI models, MCP servers, coding agents, and autonomous tools that can hold credentials, read files, call APIs, update silently, and execute actions with the permissions of the user or workstation. Koi's thesis is that this "software perimeter" has become a distinct control plane, and that conventional endpoint detection and mobile device management controls were not designed to inventory or govern it at the speed of agentic AI adoption.
The product combines discovery, risk assessment, policy enforcement, and remediation across binary and non-binary software on macOS, Windows, and Linux. Koi's public product materials describe inventory for applications, code and operating-system packages, extensions, AI models, AI agents, MCP servers, and containers; risk scoring through the Wings engine, which evaluates code, behavior, ownership changes, update channels, network egress, and install source; and policy controls that can approve safe software, block risky installs, quarantine or remove problematic items, open tickets, and notify owners. The platform is positioned as agentless and workflow-aware: security teams can apply controls by user, group, risk level, software type, and asset sensitivity without forcing broad bans that slow developers and other high-velocity teams.
Commercial traction appears credible for a company founded in 2024. Koi announced $48 million across Seed and Series A funding in 2025, backed by Battery Ventures, Team8, Picture Capital, NFX, and Cerca Partners. Its own customer materials identify adoption by large security-sensitive organizations and describe a Cambia Health Solutions deployment that mapped 220,000+ software installations across 14 marketplaces and registries, including browser extensions, IDE plugins, open-source packages, and AI tooling. That case study is important because it shows the product value is not limited to an abstract AI security narrative; it also solves older but persistent shadow-IT and software supply-chain visibility gaps that become more urgent as coding agents and MCP servers gain access to internal systems.
Palo Alto Networks first announced its intent to acquire Koi in February 2026 and announced completion on April 14, 2026. Palo Alto positioned the acquisition as defining a new Agentic Endpoint Security category, with Koi extending Prisma AIRS visibility and controls to agentic AI on the endpoint and enabling a Cortex XDR module for identifying and remediating risks in the AI software ecosystem. Palo Alto also stated that Koi's capabilities would remain available as a standalone offering alongside existing EDR tools. This shifts Koi from a standalone Series A direct diligence target into a strategic technology component inside a major cybersecurity platform, but it also validates the category: a public incumbent considered endpoint-level AI agent governance important enough to acquire quickly after Koi's launch.
The dual-use relevance is substantial. Defense contractors, intelligence organizations, national laboratories, and critical-infrastructure operators face the same productivity pressure to adopt AI coding agents and autonomous tools as commercial enterprises, but with stricter requirements for compartmentalization, auditability, credential handling, and software provenance. Agentic endpoint controls can help govern which tools are allowed in sensitive development environments, detect risky MCP servers or extensions, enforce different policies for privileged users, and create evidence that software intake is being monitored continuously. The technology is not a weapon system, but it is directly relevant to secure software assurance, classified or export-controlled development workflows, and the broader problem of keeping autonomous tools from becoming privileged insiders on mission networks.
Dual-Use Assessment
Koi has strong dual-use applicability because the same controls needed by commercial enterprises to govern AI agents, software packages, extensions, and MCP servers are needed by defense-adjacent organizations with stricter security and compliance requirements. The technology addresses a real operational risk: autonomous endpoint tools can inherit user privileges, access local files, call internal APIs, store credentials, and update through external marketplaces. In defense, intelligence, and critical-infrastructure environments, agentic endpoint visibility and policy enforcement can support secure software intake, classified development controls, CMMC/NIST-aligned software assurance, and prevention of credential leakage or lateral movement through compromised tools. The dual-use thesis is strongest as a governance and assurance layer, not as a defense-specific product by itself.
Strategic Fit Assessment
Koi is no longer directly actionable as a standalone startup because Palo Alto Networks completed the acquisition in April 2026. The investment lesson is still important: Koi showed that agentic endpoint security can become strategically valuable very quickly when a startup defines a specific control gap created by AI adoption, proves enterprise urgency, and builds a product that fits existing security workflows. for strategic readers, the actionable thesis shifts from funding Koi to tracking adjacent opportunities around agent identity, MCP security, AI software supply-chain governance, developer-tool policy enforcement, and endpoint controls that can operate outside a single incumbent platform. Any follow-on investment should focus on companies with clear deployment evidence and defensible technical depth rather than generic AI security messaging.
Strategic Value to U.S.-Israel Alliance
Koi's strategic value is category definition plus platform leverage. It reframed endpoint security around the software and agent layer that sits above the operating system but below enterprise SaaS governance: extensions, packages, models, agents, MCP servers, and tools that users self-provision. Palo Alto's acquisition gives this capability distribution through Prisma AIRS and Cortex XDR, while Koi's standalone offering gives customers a bridge even when they are not standardized on Palo Alto endpoint tooling. For defense and national-security readers, Koi is a useful reference architecture for how agentic AI adoption should be governed at the workstation level: inventory everything that can act, score it continuously, enforce least-privilege intake policies, and create audit evidence before autonomous tools become part of mission-critical workflows.
Key Technologies
- Endpoint inventory for binary and non-binary software across macOS, Windows, and Linux
- Discovery and governance for AI agents, MCP servers, code packages, containers, browser extensions, IDE plugins, and AI models
- Wings risk engine for code, behavior, ownership, update-channel, network-egress, and install-source analysis
- Policy enforcement by user, group, software type, asset sensitivity, and risk level
- Gateway controls for software marketplaces, registries, app stores, and extension catalogs
- Agentless quarantine, removal, ticketing, owner notification, and approval workflows
- Integration path into Prisma AIRS and Cortex XDR for agentic endpoint security
Use Cases & Applications
- Enterprise inventory of unmanaged software, browser extensions, developer packages, local AI tools, and MCP servers
- Governance of AI coding agents and autonomous developer workflows in sensitive repositories
- Blocking or remediating malicious extensions, delisted packages, risky plugins, and suspicious software updates
- Policy-based approval flows that let developers request tools without broad network or endpoint bans
- Supply-chain risk monitoring for software marketplaces, registries, and app stores
- Cortex XDR enrichment for identifying and remediating risks in the AI software ecosystem
- Defense contractor software assurance for CMMC, NIST, export-controlled, and classified development environments
- Credential-leakage and lateral-movement prevention for privileged users running AI-assisted endpoint tools
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on May 8, 2026.
Investor Lens
What this entry is
Defunct or wound down
Why it may matter
Koi Security may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify technical claims
- Verify regulatory/export-control issues
Main investor questions
- Is this entry a benchmark, buyer, ecosystem node, acquired asset, or strategic reference rather than a live startup opportunity?
- What does this reference clarify about buyers, sector structure, public-market context, or strategic demand?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Koi Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- Is the company a live venture opportunity, a mature strategic reference, an acquired asset, or primarily a market-mapping entry?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.