Palo Alto Networks Eyes Strategic $400M Buy of Israeli Cyber Startup Koi Security

What happened

Palo Alto Networks (PANW) is reportedly in negotiations to acquire Israeli cybersecurity startup Koi Security in a deal valued at about $400 million. The discussions are ongoing, and while no final agreement has been announced, both parties have signed a preliminary memorandum of understanding indicating serious intent to move forward.

Who is affected

The potential acquisition centers on Koi Security, a fast-growing Israeli company focused on endpoint and software supply chain risk, co-founded by Amit Assaraf (CEO), Idan Dardikman (CTO), and Itay Kruk (CPO). Its platform reportedly protects hundreds of thousands of endpoints across large enterprises, banks, and technology firms. If completed, the deal would expand Palo Alto’s platform offerings and impact its customers, investors, and competitors in the endpoint security space.

Why CISOs should care

For CISOs, this move signals continued consolidation in the cybersecurity market and emphasizes the strategic priority of bolstering endpoint and software supply chain defenses. As attackers increasingly exploit insecure third-party components and development pipelines, integration of Koi’s capabilities into a larger, unified security platform could influence purchasing decisions, vendor roadmaps, and the competitive landscape for endpoint risk mitigation technologies.

Furthermore, Palo Alto’s acquisition trajectory, including recent large buys like Chronosphere and CyberArk, highlights how major vendors are assembling broader portfolios to address emerging threats and AI-driven risks.

3 practical actions for CISOs

1. Reevaluate endpoint strategy: Assess whether current endpoint and software supply chain security tools provide deep visibility into third-party code and developer artifacts, areas of growing adversary focus.
2. Monitor vendor consolidation: Track how vendor acquisitions may affect product roadmaps, integration, and support lifecycles to mitigate risks of lock-in or capability gaps.
3. Engage with suppliers: Ensure that key software vendors and development partners follow robust secure-by-design practices and that your risk management processes cover software origin and composition analysis.