Palo Alto Networks has completed its acquisition of Koi, turning a February deal into a live product and platform move on April 14, 2026. In its announcement, the company said the deal is meant to close what it calls the “AI security gap” as frontier models and coding agents expand the enterprise attack surface. Palo Alto Networks said the combined platform will define a new category it calls Agentic Endpoint Security, or AES.
The acquisition aimed at a problem that many traditional security tools were not designed to handle. Palo Alto Networks says modern AI agents can read, write and move data, while attackers are chaining exploits in agent frameworks through authentication bypass, API-based remote code execution, spoofed identities and credential hijacking. The company’s argument is simple: as software becomes more autonomous, the endpoint is no longer just a laptop, desktop or server. It is also a place where AI agents and automation tools can operate with broad permissions.
Koi focused on securing what it calls the “agentic endpoint,” a term that refers to AI tools, plugins, scripts, packages and other non-binary software elements that influence endpoint behavior outside older security models. In Koi’s own description, the modern endpoint is shifting from a place where users run applications to a place where autonomous AI agents behave like persistent, privileged actors with access to files, shells, credentials and enterprise systems.
Koi’s technology will be integrated into Prisma AIRS, the company’s AI security platform, and into Cortex XDR, its endpoint security product. The company said the integration will extend visibility and security to agentic AI on the endpoint and will also add a new module to identify and remediate risks within the AI software ecosystem. Koi’s capabilities will remain available as a standalone offering. That detail matters because it shows Palo Alto Networks is not only absorbing a startup, but trying to turn a niche technology into a wider security layer across its product stack.
Lee Klarich, the company’s chief product and technology officer, said AI agents and tools are “the ultimate insiders” because they have access to systems and data while operating outside the view of traditional security controls. That framing is important for understanding how the company sees the market: it is no longer treating AI endpoint security as an add-on feature. It is treating it as a separate class of risk that needs its own control plane.
The rapid adoption of tools such as Claude Code and OpenClaw, which Palo Alto Networks cited in its release, is pushing more work onto agents that can act independently inside corporate systems. From a security standpoint, that creates a gap between what the software is allowed to do and what security teams can easily observe. The company says this is why a new category of protection is needed. That is an inference from its product framing, but it follows directly from the way the acquisition was described in the release.
Koi fits into that broader platform strategy because it gives Palo Alto Networks a way to talk about AI security not only at the model layer or cloud layer, but at the endpoint layer where users, scripts and autonomous tools intersect.
Koi’s announcement earlier this year helps explain why Palo Alto Networks moved quickly. Koi said in February 2026 that it had signed a definitive agreement to be acquired and described the endpoint as changing structurally, not incrementally. Software on endpoints is becoming “non-binary,” with packages, extensions, plugins, agent skills, MCP servers and model artifacts installed and updated outside traditional oversight. That description lines up closely with Palo Alto Networks’ later framing of the problem, which suggests the acquisition was driven by a shared view of where enterprise computing is heading.
The acquisition also arrives at a moment when AI security products are moving from concept to deployment. Palo Alto Networks said the Koi integration will help customers deploy agentic tools with confidence, while keeping the standalone capabilities available for existing EDR environments. That suggests the company expects mixed environments for some time: older endpoint controls on one side, and AI-aware control layers on the other. For enterprises, that is likely the most practical reading of the deal. Security teams will not replace everything at once.
[Also Read: Palo Alto Networks Completes Acquisition of CyberArk to Lead in AI-Era Security ]
