Palo Alto Networks nears $400M acquisition of Israel’s Koi Security
Palo Alto Networks is in negotiations to acquire Israeli endpoint security startup Koi Security in a transaction valued at around $400 million, according to reports. The deal has not been finalized, but the parties have signed a preliminary memorandum of understanding, indicating advanced discussions and serious intent on both sides.
If completed, the transaction would mark Palo Alto Networks’ first acquisition of an Israeli company since founder Nir Zuk stepped down from his role as chief technology officer last year. That timing is notable in the context of the company’s long-standing ties to Israel’s cybersecurity ecosystem, where a deep talent pool and a steady pipeline of enterprise security startups have made the country a key source of innovation for global buyers.
A milestone deal after a leadership transition
The talks around Koi Security arrive during an active period for Palo Alto Networks, which has been using acquisitions to expand its security platform across multiple categories. The potential Israeli purchase would be closely watched as a signal of whether the company’s dealmaking cadence and geographic focus are changing following Nir Zuk’s departure from the CTO role.
While Palo Alto Networks has historically been associated with Israel’s cybersecurity scene through talent and product development, this deal would represent a clear return to acquiring Israeli assets—an important symbolic step given the company’s origins and the broader role Israeli startups play in shaping enterprise security priorities.
Koi Security’s capital-efficient path to a nine-figure exit
Koi Security has built its business with comparatively modest funding. The company raised about $48 million across two rounds, yet it is now at the center of a potential nine-figure acquisition. If the reported valuation holds, the outcome would represent a significant return for founders Amit Assaraf, Idan Dardikman, and Itay Kruk, as well as early investors.
Backers cited in the report include Battery Ventures, NFX, Team8, Picture Capital, and a fund supported by veteran cybersecurity executives. A successful exit at the rumored price would underscore the market value of focused security products that address urgent enterprise pain points—particularly when those products can be developed quickly and efficiently.
Targeting a growing weak spot: software supply chain exposure
Koi Security’s appeal is tied to a problem that has grown more acute as organizations rely on a sprawling web of third-party code, applications, and developer add-ons: software supply chain security. According to the report, the startup has developed a scanning engine intended to detect malware and hidden vulnerabilities before they propagate across corporate networks and devices.
The company’s approach emphasizes prevention at the source. Rather than waiting for threats to be detected after deployment, Koi Security continuously inspects popular ecosystems used by developers and enterprises, including code marketplaces, browser extension stores, and package repositories. These distribution channels have become a recurring target for attackers because a single compromised dependency or extension can spread quickly across thousands of endpoints.
By identifying risky components upstream—before they are installed widely—Koi Security aims to help security teams reduce exposure and shorten response times. The strategy aligns with a broader industry shift toward earlier-stage controls, where security is embedded into the software lifecycle and procurement process, not bolted on after incidents occur.
How the deal fits Palo Alto Networks’ acquisition strategy
The potential purchase would also fit into Palo Alto Networks’ recent pattern of large-scale acquisitions designed to deepen capabilities across adjacent security domains. In late 2025, the company agreed to acquire Chronosphere for $3.35 billion, a move aimed at strengthening its position in modern application environments and observability-driven security workflows.
Earlier, it also announced plans for an approximately $25 billion acquisition of CyberArk, a deal that would significantly broaden its footprint in identity security and privileged access management. Against that backdrop, Koi Security would represent a more targeted bet—one focused on third-party software and extension risk—while still aligning with the platform expansion strategy.
For customers, the logic is increasingly about consolidation: fewer vendors, tighter integration, and more unified visibility across endpoints, identities, cloud workloads, and the software components that power daily operations. A supply-chain-focused capability could complement existing endpoint and cloud security offerings, particularly as enterprises struggle to keep pace with the volume of third-party code entering their environments.
What to watch next
Key details remain unconfirmed, including final valuation, deal structure, and timeline. The existence of a preliminary memorandum of understanding suggests talks have progressed beyond early-stage exploration, but acquisitions of this size can still shift due to diligence findings, regulatory considerations, or strategic reprioritization.
Still, if Palo Alto Networks closes the reported $400 million acquisition, it would represent a notable moment for Israel’s cybersecurity startup market and another step in the security industry’s ongoing consolidation—this time centered on the increasingly critical question of how to secure the software supply chain before threats reach the enterprise perimeter.
Related
