Koi did not ease into the market. It surfaced with proof. Founded in 2024 and headquartered in Washington, D.C., with deep engineering roots in Tel Aviv, Koi was built by Amit Assaraf, Idan Dardikman, and Itay Kruk after a controlled white hat experiment exposed a vulnerability most endpoint vendors ignored. In 30 minutes they built a fake VSCode theme called Darcula Official, embedded exfiltration code, and within 1 week more than 300 organizations were infected, including multibillion dollar enterprises. The message was clear. The software perimeter had expanded beyond binaries, and nobody was watching closely enough.
Amit Assaraf, former co founder and CTO of Landa, understood that the endpoint had evolved. Idan Dardikman and Itay Kruk, alumni of Sygnia, Canonic Security, and later Zscaler through acquisition, had lived inside incident response. They knew the real risk was not just malware. It was extensions, plugins, scripts, containers, AI models, and agents operating with legitimate credentials. They launched ExtensionTotal, saw rapid adoption, and moved quickly. In December 2024, Koi raised $10M in seed funding from Picture Capital and NFX, with Cerca Partners participating. By September 2025, Battery Ventures and Team8 led a $38M Series A, bringing total funding to $48M. Board seats went to Rakesh Loonkar, Barak Schoster Goihman, Ori Barzilay, and Gigi Levy Weiss. Execution was tight. Traction followed.
On February 16–17, 2026, Palo Alto Networks announced a definitive agreement to acquire Koi for approximately $400M, a figure first reported by CTech and echoed across Israeli business media. Terms were not disclosed. The timing was surgical. Just days after closing its $25B CyberArk acquisition, Palo Alto Networks moved again, this time targeting what it calls the agentic endpoint. In the language of startup news, this was not a tuck in. It was a platform move.
Lee Klarich, Chief Product and Technology Officer at Palo Alto Networks, framed the thesis directly. AI agents are the ultimate insiders, operating outside traditional controls. Amit Assaraf responded with equal clarity. In an agentic first world, traditional solutions are blind. Koi defines the category as Agentic Endpoint Security. Palo Alto Networks plans to integrate the technology into Prisma AIRS and Cortex XDR, expanding visibility into what Hadar Oren describes as non binary software, the extensions and scripts employees install without central oversight.
More than 500,000 endpoints are already under Koi’s protection, including Fortune 50 enterprises, major financial institutions, and leading technology firms. NFX reports that Koi reached $1M in ARR faster than companies like Wiz and Snyk. For a company barely 1 year old, velocity like that is not noise. It is pattern recognition.
From a market intelligence perspective, this is the kind of startup news that signals category acceleration. CyberArk secures identity. Koi monitors what those identities execute at the endpoint. As AI agents begin to operate as autonomous contributors, visibility becomes the leverage point. Palo Alto Networks is assembling that leverage across identity, cloud, AI, and now agentic endpoint governance.
Koi means carp in Japanese, a symbol of perseverance. The symbolism fits, but the strategy matters more. A ~$400M acquisition less than 2 years from founding is not luck. It is alignment with where enterprise risk is moving. In the current cycle of startup news, the winners are not just building faster software. They are defining new control surfaces before the market realizes it needs them.
