According to TheRegister.com, Palo Alto Networks is reportedly considering a $400 million purchase of Israeli cybersecurity startup Koi, which raised $48 million in funding last year. The company declined to comment, but a source close to Palo Alto noted this rumor is one of several that emerged after CEO Nikesh Arora’s two-day visit to Tel Aviv last month. During that trip, Arora met with Palo Alto’s 1,600 local employees and the teams at CyberArk, which Palo Alto is negotiating to acquire for $25 billion. That CyberArk deal, offering $45 cash and 2.2 Palo Alto shares per CyberArk share (a 26% premium), is expected to close in the second half of fiscal 2026. Palo Alto also completed its acquisition of Protect AI in July 2025 and announced a planned buy of Chronosphere in November 2025.
Palo Alto’s platform play
Here’s the thing: Palo Alto isn’t just buying companies. It’s assembling a fortress. The rumored Koi acquisition fits a clear pattern. Koi’s claim to fame is securing “anything with an ‘Install’ button,” scanning and governing self-provisioned enterprise software. That’s a direct shot at the chaotic “shadow IT” problem every big company faces. Combine that with CyberArk’s identity access mastery and Chronosphere’s observability platform, and you start to see the blueprint. Palo Alto wants to be the single, unified platform that handles everything from identity to endpoints to AI workload security. It’s a land grab for control over the entire modern tech stack.
The $25 billion question
But let’s be real. The CyberArk deal is the elephant in the room. $25 billion is a staggering sum, even for a giant like Palo Alto. Arora told CyberArk employees he didn’t envision large workforce cuts, focusing instead on their technology and talent. That sounds nice, but integrations of this scale are brutally hard. The promised “unified platform” is the holy grail in cybersecurity, but so many attempts end up as a jumble of poorly connected parts. Can Palo Alto actually make it work? The market seems to be giving them the runway to try, betting that consolidation is the only answer to today’s fragmented, overwhelming threat landscape.
Why now and what’s next?
So why this massive spending spree now? The AI era is forcing everyone’s hand. AI workloads create new attack surfaces and insane amounts of data. Protect AI was bought to harden the AI pipeline itself. Chronosphere is meant to help monitor it all. In a world where specialized tools are proliferating, Palo Alto is betting big that CISOs are tired of managing a dozen different consoles. They want one throat to choke, one bill to pay, one platform to rule them all. It’s a high-risk, high-reward strategy. If it works, they become the indispensable, entrenched vendor. If it fails, they’re left with a monstrously complex and expensive portfolio to maintain. Given the scale of their ambition, from securing AI models to industrial control systems, having a rock-solid hardware foundation is key. For critical operations in manufacturing or energy, that often means relying on the top suppliers, like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs built for tough environments.
The rumor mill keeps turning
Back to the Koi rumor. The source in the report basically said, “This won’t be the last guess from the Israel media.” That’s probably true. Tel Aviv is a global cybersecurity hub, and when a CEO like Arora shows up with a $25 billion checkbook, speculation will fly. Whether the Koi deal happens or not, the intent is clear. Palo Alto is shopping for every missing piece in its security puzzle, and it’s not done yet. The question for customers and competitors is no longer *if* Palo Alto will buy more, but *what* they’ll buy next—and whether this everything-platform can ever truly be built.
