Palo Alto Networks announced today that it has completed the acquisition of Koi, an Israeli cybersecurity startup recognized as the pioneer of Agentic Endpoint Security. The deal integrates Koi’s technology directly into Palo Alto Networks’ Prisma AIRS AI security platform and adds a new module to Cortex XDR for identifying and remediating risks across the AI software ecosystem on endpoints.
Koi was built specifically to address the security challenges created by the rapid rise of autonomous AI agents and “vibe coding” tools such as Claude Code and OpenClaw. These systems operate with broad access to local files, applications, and networks, yet traditional endpoint detection and response tools were never designed to monitor or control them. Koi’s platform provides continuous visibility, scoped permissions, real-time policy enforcement, and audit trails for every agent action on the endpoint.
The acquisition gives Palo Alto Networks a complete control plane for securing AI-native workloads at the endpoint level. Customers can now manage both cloud-based AI security through Prisma AIRS and endpoint-based agentic risks through the newly integrated Koi capabilities, all within a single unified console. Koi’s solution will also remain available as a standalone offering for organizations that want to layer it alongside existing EDR tools.
This move reflects the accelerating shift toward agentic AI in the enterprise. As agents move from experimental pilots to production use on employee devices, the endpoint has become one of the most critical — and least defended — parts of the AI attack surface. Palo Alto Networks is positioning itself to close that gap by treating agentic endpoint security as a new, distinct category that requires purpose-built controls.
Key Terms
Agentic Endpoint Security (AES) — Specialized protection for autonomous AI agents and tools running directly on endpoints, including visibility, permission scoping, and real-time enforcement.
Vibe Coding Agents — AI tools that generate and execute code based on natural language prompts, often with broad local system access.
Non-Human Identity — AI agents, scripts, plugins, and model artifacts treated as independent principals that require dedicated identity, access, and audit controls.
Prisma AIRS — Palo Alto Networks’ leading AI security platform, now extended with Koi’s endpoint capabilities.
Cortex XDR — Palo Alto Networks’ extended detection and response platform, gaining a new module for AI software ecosystem risk remediation.
Conditions Driving This Change
Several converging forces are making agentic endpoint security an immediate priority for enterprises and vendors.
Autonomous AI agents and vibe-coding tools are moving rapidly from pilots to production use on employee laptops and workstations.
These agents operate with local system access, file system privileges, and the ability to call APIs or trigger workflows without constant human supervision.
Traditional EDR and endpoint protection tools were built for human-driven threats and static applications, not for agents that act independently at machine speed.
The endpoint attack surface has expanded dramatically as AI tools gain direct access to sensitive local data, configuration files, and internal networks.
Regulatory and compliance requirements are tightening around AI systems, demanding clear visibility, audit trails, and enforceable controls over automated actions.
High-profile supply-chain and agent-related incidents have heightened board-level concern about uncontrolled AI behavior on endpoints.
Enterprises need a unified way to secure both cloud-based AI workloads and the growing number of agentic tools running locally on devices.
Security vendors are racing to acquire specialized technology that can deliver purpose-built controls for non-human identities before the problem becomes unmanageable.
These pressures created the exact environment that made the Koi acquisition strategically critical for Palo Alto Networks.
What Security Looked Like Before
Before dedicated agentic endpoint security solutions, organizations relied on conventional EDR, antivirus, and endpoint protection platforms to secure devices. These tools were effective at detecting malware, monitoring human user behavior, and blocking known threats. However, they were never designed to understand or control autonomous AI agents that generate and execute code, interact with local files, or make decisions without human intervention.
Security teams had limited visibility into what agents were doing once they started running. Permissions were often granted broadly to allow the tools to function, and there was no practical way to enforce scoped, task-specific access. Audit logs captured activity at the process or user level, but they rarely connected actions back to a specific agent or its originating prompt. Revocation typically meant disabling an entire application or user account rather than isolating a single agent’s behavior.
The result was a growing blind spot. Agents could inherit excessive privileges, continue operating long after a task ended, or trigger actions that bypassed traditional detection rules. Governance teams wrote policies about acceptable AI use, but they lacked the technical controls to enforce those policies at the endpoint in real time. The endpoint had become one of the weakest links in the AI security chain precisely because the tools available to defend it had not evolved with the threat.
What’s Changing Now
With the completion of the Koi acquisition, Palo Alto Networks is integrating purpose-built Agentic Endpoint Security directly into its core platforms. Koi’s technology extends Prisma AIRS to provide visibility and control over AI agents running on endpoints, while a new module in Cortex XDR adds risk identification and remediation capabilities across the AI software ecosystem.
Organizations can now treat AI agents as first-class entities with verifiable identities, scoped permissions, continuous monitoring, and real-time policy enforcement. The combined solution offers a single control plane that covers both cloud-based AI security and endpoint-based agentic risks. Koi’s capabilities will also remain available as a standalone offering, giving customers flexibility to layer it alongside their existing EDR solutions.
This integration closes the gap that previously existed between cloud AI governance and endpoint reality. Security teams gain the ability to see exactly what agents are doing locally, enforce least-privilege access at the agent level, and respond instantly when behavior deviates from policy. The acquisition accelerates Palo Alto Networks’ ability to deliver comprehensive protection for the full AI-native environment — from the cloud to the device.
Our Take
AI Security Take
Palo Alto Networks’ completion of the Koi acquisition marks a significant step in defining Agentic Endpoint Security as a distinct and necessary category. By integrating Koi’s technology into Prisma AIRS and Cortex XDR, the company is giving enterprises the visibility, control, and auditability required to secure autonomous AI agents running directly on endpoints.
This move addresses one of the fastest-growing risk surfaces in enterprise AI: the local device where agents have broad access to files, applications, and networks. Organizations can no longer treat these tools as simple productivity aids. They require purpose-built governance and security controls that operate at the speed and autonomy of the agents themselves.
GAIG tracks platforms in the AI Security, AI Infrastructure Security, and AI Access Control categories that deliver runtime visibility, scoped permissions, and enforceable controls for agentic systems. The Koi acquisition reinforces that securing the agentic endpoint is now a core requirement for any enterprise scaling AI.
