Palo Alto Networks Inc. is acquiring Koi Security Ltd., a startup that helps enterprises prevent their employees from downloading risky files.

The companies announced the deal today without disclosing the financial terms. According to Calcalist, the transaction is worth $400 million. Tel Aviv-based Koi previously raised $48 million from Battery Ventures and other investors.

The parts of an application that can perform tasks such as modifying a database are usually stored as so-called binary files. However, binary files aren’t the only type of software asset that can be found in a corporate network. There are also scripts, code editor plug-ins, browser extensions, artificial intelligence training datasets and many other files. Koi has developed a cybersecurity platform that is specifically focused on such files.

The platform’s first core selling point is that it can help companies block risky downloads. Developers often pull files such as AI training datasets from third-party websites. When a user navigates to a website that hosts such files, Koi replaces the download button with a “request approval” button.

The platform determines whether to approve a download by evaluating a long list of factors. It checks whether the developer of a given file is associated with malicious activity and analyzes the file’s code. Furthermore, Koi studies how that file behaves when it’s opened by users. The platform analyzes the network traffic generated by the file and the changes that it makes to the host machine.

Many files, particularly the open-source components that developers incorporate into software projects, receive updates from their publishers. Such code changes represent a potential attack vector. Koi includes a tool that detects when an update is rolled out to a file and delays its installation, which gives administrators time to search for risks.

Koi monitors files after they’re downloaded using a built-in threat detection engine. Risky items are displayed in a dashboard that provides remediation features. Administrators can remove a file, isolate it from the corporate network or, if the security risk relates to a recent update, roll it back to a previous version.

Palo Alto Networks plans to integrate Koi’s technology with its Cortex XDR and Prisma AIRS platforms. The former offering is an endpoint security product designed to protect cloud instances, employee devices and other technology assets. Prisma AIRS, in turn, has a narrower focus on protecting AI workloads. 

AI agents “can autonomously discover, invoke and even install additional components at machine speed, accelerating risk across an already expanding, largely unmanaged software layer,” Hadar Oren, senior vice president of product management for Cortex at Palo Alto Networks, wrote in a blog post. “Koi is designed to eliminate blind spots across the AI-native ecosystem and help organizations govern agentic tools safely.”

Image: Koi