Securing What AI Installs Without Asking: Palo Alto’s Latest M&A

Palo Alto Networks is set to acquire agentic endpoint security company Koi. The deal is a response to how AI has slowly worked its way into endpoint behavior.

AI didn’t show up in daily working life all at once. It arrived one tool at a time. Each decision made sense on its own. It wasn’t inherently risky. It was just people using tools that helped them work faster.

The problem is that over time, those small choices added new tools to endpoints that can act on their own. Since they use normal user access, their activity looks legit.

Why AI is becoming an endpoint problem

This is where a lot of endpoint security tools start to miss stuff. They’re built to catch obvious problems, like malware, running on a device. AI agents don’t usually look like that.

They use tools that are already there and already trusted. Because those tools are so common, security systems tend to ignore them.

That’s the gap Palo Alto Networks is trying to solve with Koi.

“AI agents and tools are the ultimate insiders,” said Lee Klarich, chief product and technology officer, Palo Alto Networks. 

“They have full access to your systems and data, but operate entirely outside the view of traditional security controls. By acquiring Koi, we will be closing this gap and setting a new standard for endpoint security. We will give our customers the visibility and control required to safely harness the power of AI—ensuring that every agent, plugin, and script is governed, verified, and secure.”

Koi is focused on the parts of the endpoint that are easy to lose track of. Not the big applications everyone knows about, but the aforementioned smaller tools people add over time (tools pulled in to fix a problem or speed something up). 

They’re useful, they’re everywhere, and once they’re installed, they rarely get a second look.

AI agents operate in that same space. They use those tools to get work done, with the same access a person would have. 

The difference is how quickly they move and how much they can do on their own. When something isn’t set up quite right, issues tend to surface faster.

What changes with Koi in the mix

After the deal closes, Koi’s technology will be integrated into Palo Alto’s Prisma AIRS platform and extended into Cortex XDR. 

Once Koi is part of Prisma AIRS and Cortex XDR, teams get a much better sense of what’s actually sitting on their endpoints. Not just the big, obvious software, but the smaller tools that tend to blend into the background.

That makes it easier to see how those tools are actually being used, and what changes once an automated tool starts relying on them instead of a person.

“In an agentic-first world, traditional solutions are blind,” says Amit Assara, CEO, Koi. 

Palo Alto is essentially saying that those blind spots are becoming harder to ignore and even harder to justify.

The channel angle: how MSPs need to address customer concerns

Every time a team adds an AI tool to save time, by design, things get easier and flow better. 

The questions come later, which is a problem. That’s often when MSPs get pulled in. They then have to basically follow the breadcrumbs back to what was added, when it showed up, and what access it had. 

Being able to see that clearly makes those conversations simpler and shortens the path to a fix.

Security and endpoint vendors are clearly broadening their thinking around what “endpoint protection” actually means. Some recent moves in the market show companies investing in deeper visibility and automation across devices and the tools running on them, not just catching classic threats, but trying to understand real-world behavior and how it changes as new tools get added to the mix.