Silicon Valley-based cybersecurity firm Palo Alto Networks is in talks to acquire Israeli outfit Koi Security for approximately $400 million.
According to Globes, the deal has not yet closed, but the parties have signed a preliminary memorandum of understanding and are continuing negotiations to finalize the terms.
If completed, the transaction would mark Palo Alto Networks’ first acquisition of an Israeli company since founder Nir Zuk stepped down from his role as chief technology officer last year, ending more than two decades in a key executive position.
The potential acquisition underscores Palo Alto Networks’ continued strategic focus on advanced cybersecurity technologies, particularly those leveraging AI.
Deal and deliverance
Koi Security was founded by CEO Amit Assaraf, CTO Idan Dardikman, and CPO Itay Kruk, all of whom are expected to be among the main beneficiaries of the deal. The company has raised just $48 million over two funding rounds, according to PitchBook, making a $400 million exit a significant multiple for both founders and investors.
Koi’s major backers include Battery Ventures, Gigi Levy-Weiss’ NFX, Team8, and Picture Capital. Also among the investors is a venture capital fund formed by senior cybersecurity executives Dan Amiga, Mike Fey, Mickey Bodai, and Rakesh Loonkar. For several of these funds, the acquisition would represent a notable liquidity event after a relatively subdued period for Israeli tech exits.
The talks come against the backdrop of a gradual recovery in Israel’s technology sector, which has faced a prolonged slowdown in fundraising and M&A activity over the past two years. A high-profile acquisition by a global cybersecurity leader could help signal renewed confidence in Israeli cyber startups.
AI-driven approach to securing developer ecosystems
Over the past two years, Assaraf, Dardikman, and Kruk have focused on developing a software engine that uses large language models (LLMs) and autonomous AI agents to identify malicious code and security vulnerabilities. The technology is designed to scan applications and software extensions that developers and organizations routinely download from public repositories and marketplaces.
Koi Security’s platform monitors a wide range of popular ecosystems, including Microsoft’s Visual Studio Code Marketplace, Microsoft Edge extensions, Google’s Chrome Web Store, Mozilla’s Firefox add-ons, NPM, and Homebrew. These repositories have become critical components of modern software development, but they have also emerged as attractive targets for attackers seeking to distribute malware through trusted channels.
By continuously scanning these environments, Koi aims to help organizations detect compromised or malicious components before they spread across corporate networks. This approach addresses a growing concern among enterprises about supply chain attacks, particularly those that exploit open-source tools and third-party extensions.
You’re looking fit
For Palo Alto Networks, the acquisition would potentially strengthen its endpoint and cloud security offerings at a time when customers are demanding more comprehensive protection across increasingly complex IT environments. The company has been expanding aggressively through acquisitions, including its recently confirmed $25 billion purchase of identity security firm CyberArk.
Integrating Koi’s technology could allow Palo Alto Networks to extend its security coverage deeper into the software development lifecycle, an area where traditional endpoint protection tools often fall short. It would also enhance the company’s AI capabilities, which Palo Alto Networks’ leadership has repeatedly highlighted as a core pillar of its long-term strategy.
The fact that the talks are taking place shortly after Zuk’s departure as CTO has also drawn attention within the industry. Zuk, who co-founded Palo Alto Networks, was closely associated with the company’s technology vision and its strong ties to Israel’s cybersecurity ecosystem. A deal involving Koi Security could indicate continuity in Palo Alto Networks’ acquisition strategy, even as its leadership structure evolves.
No official comment yet
Despite the advanced stage of discussions, neither Palo Alto Networks nor Koi Security has responded to requests for comment. As with many such transactions, there is no certainty that the talks will result in a completed deal, and the final valuation and structure could still change.
Nevertheless, the signing of a memorandum of understanding suggests that both sides see strategic value in the transaction. Should the acquisition go ahead, it would rank among the more significant Israeli cybersecurity exits of recent years and further cement Israel’s position as a global hub for cutting-edge cyber innovation.
Cyberattacks targeting Taiwan’s government more than doubled in 2024 to an average of 2.4 million incidents a day, according to a new report from the island’s National Security Bureau, which said most of the activity could be traced to Chinese cyber forces.
