Cybersecurity has just acknowledged that the problem is no longer just about protecting traditional users, servers, or applications. Now it also involves monitoring AI agents that are beginning to execute code, access sensitive data, and operate directly from endpoints with increasing levels of autonomy. In this context, Palo Alto Networks has completed its acquisition of Koi and has leveraged this move to introduce a new strategic label: Agentic Endpoint Security (AES). This category aims to position the company in one of the most promising and uncertain fronts of enterprise cybersecurity.
The company announced the closing of the deal on April 14, 2026. While the official purchase amount has not been disclosed, industry sources following the deal since February estimate it at around $400 million. Beyond the price, the key point is the underlying reason: Palo Alto believes that the rapid adoption of tools like Claude Code and OpenClaw is clearly expanding the attack surface at endpoints, because these agents can install software, modify critical systems, and manipulate sensitive information from environments where traditional tools often lack sufficient visibility.
The endpoint returns to the center, but now with agents
Palo Alto’s thesis is that the nature of the endpoint has changed. It’s no longer just the employee’s laptop or the developer’s machine. It’s also the place where agents that write code, launch processes, interact with APIs, download dependencies, and make decisions with minimal human intervention are beginning to reside. According to the company, this new landscape demands a specific layer of protection because traditional endpoint and EDR products were not designed to fully understand this kind of agent behavior.
This is where Koi comes in. Prior to the acquisition, the startup was already focused on identifying and managing agent-based software and tools on endpoints, with a strong emphasis on controlling installations, understanding what each agent does, and providing visibility into software that may not be well cataloged by classic mechanisms. Its website describes products for tracking, governing, and enabling installations on endpoints, along with a layer of information on self-provisioned software and access control components for marketplaces, app stores, or repositories. This approach aligns well with Palo Alto’s current goal: bringing this visibility into the core of its AI security platform.
The integration will serve two main purposes. On one side, Prisma AIRS, Palo Alto’s platform for protecting applications, models, data, and AI agents. On the other, Cortex XDR, where the acquired technology will be used to introduce a new module aimed at identifying and remediating risks within the AI-driven software ecosystem. Palo Alto has also stated that Koi’s capabilities will remain available as an independent offering, which is relevant for customers who do not want to switch their existing EDR or prefer to add this layer to their current tools.
A new category… and a much bigger race
The term Agentic Endpoint Security may sound like a marketing gimmick, and perhaps it partly is, but it points to a real issue. AI agents operating on endpoints blend multiple risk surfaces simultaneously: local execution, privileged access, software downloads, credential exposure, repository interactions, and rapid action capabilities. This dangerously resembles an “automated insider,” an idea explicitly articulated by Lee Klarich, Palo Alto Networks’ Head of Product and Technology.
This move should also be seen within a larger race. Palo Alto has been reinforcing its strategy for becoming a comprehensive security platform in the AI era for months. In March, it announced Prisma AIRS 3.0, emphasizing a “single control plane” to protect applications, models, agents, and data across the enterprise. In February, during its quarterly results presentation, it warned that rising integration costs from various acquisitions—including Koi—were impacting its adjusted profit outlook for 2026. The company is thus accepting short-term financial pressure to gain traction in what it considers a pivotal stage.
This effort is not happening in isolation. Last week, Anthropic introduced Claude Mythos Preview within Project Glasswing, collaborating with partners such as Apple, Google, Microsoft, NVIDIA, Palo Alto Networks, and CrowdStrike, while OpenAI launched GPT-5.4-Cyber along with an expansion of its Trusted Access for Cyber program. The core message remains the same: AI is now deeply entering cybersecurity, and major tech players want to capture that new layer of value. In this landscape, Palo Alto can’t just sell traditional firewalls or XDR solutions. It needs a compelling story on how to protect autonomous agents where they truly operate: on endpoints and within developers’ workflows.
What’s at stake for Palo Alto?
The acquisition of Koi also reveals a broader industry concern: who will control security in an era where work is increasingly assisted by agents? If software development, operations, and parts of support begin to rely on agents that install dependencies, read secrets, run scripts, and make code changes, security can no longer focus solely on perimeter, network, or cloud defenses. It must also understand what each agent does, with what permissions, from where, and with what consequences. This is the layer Palo Alto aims to capture before others set it as a standard.
It remains unclear whether AES will evolve into a standalone category or be integrated into broader EDR, XDR, or AI security solutions. However, it’s clear that Palo Alto is not waiting on the sidelines. The Koi acquisition provides a narrative, specific technology, and an opportunity to present itself as the company that not only defends networks and clouds but also guards the emerging algorithmic workforce already operating within enterprises. In a field driven by anticipating the next attack surface, this is no small detail.
Frequently Asked Questions
What exactly did Palo Alto Networks acquire with Koi?
A startup focused on protecting AI agents and autonomous tools on endpoints. Palo Alto aims to integrate this technology into Prisma AIRS and Cortex XDR to enhance visibility and control over local coding agents and other agent-based tools.
What does Agentic Endpoint Security mean?
It’s the name Palo Alto has given to a new protection category aimed at monitoring AI agents operating on endpoints, with access to critical systems, sensitive data, and local tools. The goal is to defend a risk surface that traditional solutions don’t fully cover.
Is Palo Alto’s payment for Koi known?
The company has not officially disclosed the purchase amount. Industry sources placing the deal since February estimate it at around $400 million, but this figure is not in the official statement.
Will Koi continue as an independent product?
Yes. Palo Alto has stated that Koi’s capabilities will remain available as a standalone offering, in addition to integration with its main platforms. This allows some clients to use it alongside existing EDR solutions.