Palo Alto Networks has announced it has entered into a definitive agreement to acquire Koi, giving enterprises the power to see and protect the AI-native ecosystem that defines modern work.

As AI transforms workforce productivity, it has created a dangerous, unmanaged attack surface on every endpoint. These AI agents and tools—the “Agentic Endpoint”—operate with deep access to sensitive data, unrestricted permissions, and the ability to perform nearly any action, yet bypass traditional security controls. 

The New Imperative: Agentic Endpoint Security

Traditional security was built to stop malicious files, but modern AI agents and tools can actively read, write, and move data. Attackers are chaining exploits in agent frameworks — from authentication bypass to API-based remote code execution — while spoofing agent identities and hijacking credentials to weaponise trusted automation.

The endpoint attack surface is also evolving beyond traditional executables, with extensions, plugins, packages, scripts and model artifacts increasingly shaping endpoint behavior outside centralized oversight.

Agents accelerate and operationalise this shift, compounding risk at machine speed. This rapid shift has created a critical new blind spot in traditional approaches to security, requiring a new category of protection: Agentic Endpoint Security.

After the close of the acquisition, Koi’s Agentic Endpoint Security will extend to Palo Alto Networks’ Prisma AIRS™, its leading AI security platform. This integration will broaden coverage across critical AI-driven operations. Concurrently, it will enhance Cortex XDR®’s endpoint security solution providing significant visibility into the AI attack surface to improve security policy and malware prevention. This will ensure these critical capabilities are readily available to customers, allowing them to deploy agentic tools with confidence.

“AI agents and tools are the ultimate insiders,” Lee Klarich, Chief Product & Technology Officer, at Palo Alto Networks, said. “They have full access to your systems and data, but operate entirely outside the view of traditional security controls.

“By acquiring Koi, we will be closing this gap and setting a new standard for endpoint security. We will give our customers the visibility and control required to safely harness the power of AI—ensuring that every agent, plugin, and script is governed, verified, and secure.”

To read more about the acquisition, click here.

To read more Palo Alto Networks news, click here.