Koi Acquisition Highlights Startup Equity and Timing Risks
Defense tech startup Koi was acquired by Palo Alto for $400 million, but the deal reportedly closed before most employees had received their stock option grants. The situation serves as a cautionary tale for startup employees and founders about the importance of incentive alignment and the timing of compensation. The outcome underscores how the structure of equity plans can significantly impact employee rewards in a rapid acquisition scenario.
Koi Security was founded in mid-2024 by CEO Amit Assaraf, CTO Idan Dardikman, and CPO Itay Kruk, all veterans of the Israeli Defense Forces' elite Unit 8200. The company was established after the founders demonstrated a significant security gap in the VSCode Marketplace by creating a fake extension that secretly exfiltrated source code from over 300 organizations in a week. This white-hat hacking experiment quickly led to the development of their platform and significant investor interest. The startup operated for roughly a year and a half, raising a total of $48 million before the acquisition was announced. Its Series A round in late 2025 valued the company at $135 million, but acquisition talks with Palo Alto Networks were already underway. This rapid timeline from founding to a $400 million exit is what ultimately led to the issues with employee stock grants. The core of the problem was that while a valuation had been conducted to grant options to its roughly 60 employees, the technical process of allocating them was not completed before the acquisition deal was signed. Only the first 10 or so hires had been formally granted their stock options, leaving the majority of the team without direct participation in the lucrative exit. In response to employee frustration, Koi's founders, who each owned approximately 12% of the company and stood to make around $50 million each, committed to paying bonuses from their personal proceeds. These bonuses were intended to be roughly equivalent to what the employees would have received if their option packages had been granted, though the tax implications would be different. Palo Alto Networks acquired Koi to integrate its "Agentic Endpoint Security" technology into its Prisma AIRS AI security platform and Cortex XDR solution. Koi's platform is designed to secure the emerging AI attack surface, providing visibility and control over AI agents, plugins, and scripts that operate with deep access to corporate systems and data but can bypass traditional security. This acquisition is part of a larger strategic pattern for Palo Alto Networks, which has frequently turned to Israeli startups to bolster its security platform. Koi marks the company's 12th Israeli acquisition since 2014, a list that includes major deals like CyberArk for $25 billion, Talon Cyber Security for $625 million, and Demisto for $560 million.
