TempMail Ninja

Agentic Endpoint Security: Palo Alto Networks Acquires Koi

On April 14, 2026, Palo Alto Networks officially completed its acquisition of the cybersecurity startup Koi, a strategic move that does more than just expand the company’s portfolio—it fundamentally redefines the scope of enterprise protection by introducing a vital new category: Agentic Endpoint Security.

As organizations race to integrate autonomous AI agents into their core workflows, the enterprise perimeter has effectively dissolved. Traditional Endpoint Detection and Response (EDR) tools, designed to identify malicious executables, are increasingly blind to the fluid, non-binary, and intent-driven actions of modern AI assistants. With the integration of Koi’s technology into its Prisma AIRS framework, Palo Alto Networks is moving to address this critical visibility gap, providing a centralized control plane to govern, monitor, and remediate risks within the rapidly expanding agentic ecosystem.

The Evolution of the Endpoint: From Binaries to Agentic Intent

For decades, endpoint security has been predicated on the detection of malicious files, binaries, or suspicious system behaviors. However, the modern enterprise has shifted toward an agentic-first operating model. Developers and knowledge workers are adopting autonomous AI tools—such as Claude Code and OpenClaw—that act as “digital coworkers.” These agents do not simply exist as static software; they are dynamic, conversational, and capable of executing complex, multi-step workflows that involve reading sensitive data, interacting with SaaS platforms, and issuing shell commands.

This shift has introduced what industry experts often call “the ultimate insider threat.” Because these agents operate under a user’s existing credentials and permissions, their actions are typically perceived by legacy security systems as legitimate user activity. When an agent is misconfigured, compromised by an adversarial prompt, or simply acts on flawed logic, it can perform operations—such as data exfiltration, unauthorized code deployment, or infrastructure modification—at machine speed, entirely bypassing the detection mechanisms built for traditional software.

The Rise of “Vibe Coding” and Unmanaged Shadow AI

A core driver of this risk is the emergence of “vibe coding.” This approach to software development, which prioritizes conversational natural language prompts over traditional syntactic programming, allows non-technical users to build, iterate, and deploy applications in a rapid, iterative loop. While this model significantly accelerates time-to-value, it creates a massive, unmanaged attack surface. Because the “code” is essentially a series of conversational exchanges with an LLM, it often bypasses traditional CI/CD security gates, static analysis, and vulnerability management.

Furthermore, these environments create a new manifestation of “Shadow IT.” When employees autonomously spin up agents, browser-based plugins, and local AI servers—such as those utilizing Model Context Protocol (MCP)—to assist with tasks, security teams rarely possess real-time visibility into these entities. This creates an environment where malicious actors can exploit the trust placed in these agents, using them as conduits to pivot deeper into the enterprise network.

Palo Alto Networks’ Response: Introducing Agentic Endpoint Security

The acquisition of Koi addresses this challenge directly through the creation of Agentic Endpoint Security (AES). This new category of protection is engineered to move beyond binary-centric monitoring, focusing instead on the behavioral intent and functional authority of AI agents operating at the endpoint.

By folding Koi’s technology into the Prisma AIRS framework, Palo Alto Networks is delivering a unified platform that provides:

  • End-to-End Visibility: Discovering and mapping all AI agents, plugins, scripts, and non-binary software components currently active in the enterprise environment.
  • Intent-Based Risk Assessment: Continuously analyzing the actions taken by AI agents to differentiate between legitimate productivity-enhancing tasks and anomalous or malicious behavior.
  • Centralized Governance: Establishing a single control plane where security teams can define and enforce policies for AI agents, preventing over-privileged agents from accessing sensitive data or critical system resources.

As Lee Klarich, Chief Product & Technology Officer of Palo Alto Networks, noted, the goal is to ensure that organizations do not have to sacrifice security for the sake of AI-driven innovation. By providing a dedicated layer of Agentic Endpoint Security, the company is effectively giving security teams the guardrails they need to govern an environment where autonomous systems are increasingly taking the lead.

Integrating AES into the Security Operations Center (SOC)

The impact of this acquisition extends beyond the endpoint. Palo Alto Networks is also introducing a new module for Cortex XDR that utilizes Koi’s insights to identify and remediate risks within the broader AI software ecosystem. This allows the SOC to gain much-needed context during investigations: when an incident occurs, analysts can now see exactly which AI agent or “vibe-coded” script initiated the suspicious activity, the user context behind it, and the data it attempted to access.

For organizations already utilizing other EDR solutions, Palo Alto Networks is keeping Koi’s core capabilities available as a standalone offering. This is a critical tactical decision, acknowledging that the security industry is currently in a state of transition and that enterprises need flexible tools to secure their AI-native workflows regardless of their current vendor stack.

Three Pillars of Agentic Security

  1. Visibility: Identifying the “what”—uncovering every AI agent, browser extension, and IDE plugin operating within the organization.
  2. Posture Management: Understanding the “authority”—assessing the permissions and access levels granted to these autonomous entities to ensure the principle of least privilege.
  3. Runtime Protection: Controlling the “action”—blocking malicious instructions, unauthorized shell commands, and data exfiltration attempts in real-time as the agent executes its tasks.

Conclusion: The New Imperative for the AI Enterprise

The completion of the Koi acquisition represents a turning point in how the cybersecurity industry approaches the AI era. As we move further into 2026, the distinction between “human work” and “AI work” will continue to blur. The endpoint is no longer merely a workstation for a human; it is the battlefield where autonomous agents, acting with high-level access and authority, operate daily.

By establishing Agentic Endpoint Security as a formal category, Palo Alto Networks is providing the necessary framework for enterprises to transition into the “AI Enterprise” securely. The challenge of securing autonomous agents is not a temporary hurdle; it is the defining security challenge of this generation. For CISOs and security leaders, the message is clear: traditional visibility is no longer sufficient. To defend the modern, fluid, and agent-driven enterprise, security must evolve to monitor, manage, and protect the very intent of the machines that have become our most powerful and, potentially, our most dangerous coworkers.

Written by

TempMail Ninja

Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.