Palo Alto Networks Acquires Koi Security for $400 Million to Bolster File Security

Palo Alto Networks Inc. is acquiring Koi Security Ltd., a startup specializing in preventing employees from downloading risky files. The deal, valued at an estimated $400 million, was announced without disclosed financial terms by the companies. Koi, based in Tel Aviv, had previously secured $48 million in funding.

Koi's cybersecurity platform focuses on safeguarding various software assets beyond traditional binary files, including scripts, code editor plug-ins, browser extensions, and AI training datasets. A key feature of the platform is its ability to block risky downloads. When users attempt to download files from third-party websites, Koi can replace the download button with a request for approval.

The platform evaluates download requests by scrutinizing the file's developer for malicious associations, analyzing its code, and monitoring its behavior. This includes examining network traffic and any changes made to the host machine. Koi also includes a tool to detect and delay file updates, providing administrators time to assess potential risks.

Post-download, Koi's threat detection engine monitors files, flagging risky items in a dashboard with remediation options such as removal, isolation, or rollback to a previous version if a recent update poses a security threat.

Palo Alto Networks intends to integrate Koi's technology into its Cortex XDR endpoint security product and its Prisma AIRS platform, which focuses on protecting AI workloads. The acquisition aims to address the growing risks associated with AI agents autonomously discovering and installing components.