Koi Cybersecurity Startup Exposes New Software Risks


The story of the Koi cybersecurity startup doesn’t begin in a boardroom or at a polished investor pitch. It starts with a bold white-hat hacking experiment in the summer of 2024. That moment didn’t just expose a major vulnerability inside one of the world’s most widely used software ecosystems; it also laid the foundation for a fast-growing security company now backed with $48 million in venture funding.

Koi’s rise shows how quickly the modern software landscape is shifting, and how unprepared many organizations are for a new generation of risks hiding in everyday tools. As AI platforms, browser extensions, and open-source software packages flood workplaces, IT teams face threats that move faster than legacy defenses can catch.

Koi wants to change that dynamic. And investors believe it can.

Koi was founded by Amit Assaraf along with CTO Idan Dardikman and CPO Itay Kruk, all veterans of Israel’s elite military intelligence Unit 8200. While many successful cybersecurity companies trace their roots back to that institution, the origin story behind the Koi cybersecurity startup stands out.

The idea emerged after the trio discovered a major flaw in the Microsoft Visual Studio Code Marketplace. They set out to test whether a malicious-looking extension could slip past existing checks. In just 30 minutes, they created a fake theme extension called Darcula Official. It did more than mimic a typical plugin. Once installed, it could quietly collect sensitive information and even take remote control of a user’s device.

They didn’t expect what happened next.

Within a week, hundreds of organizations across sectors, including workers from Oracle and Pizza Hut, downloaded the extension. This was an alarming sign. It showed how easily harmful code could gain a foothold inside large companies through something as simple as a theme download.

Once they confirmed the experiment’s success, they responsibly disclosed the findings to Microsoft and fully removed themselves from the infected environments. But the story didn’t end there.

The test became the spark for a broader solution. The team built a tool called ExtensionTotal to help organizations track, assess, and block risky extensions. That tool quickly gained traction, and soon became the foundation for the rebranded Koi cybersecurity startup.

Assaraf often describes a challenge that many IT teams face today: employees want to work faster, smarter, and more creatively. That push leads them to add new tools (AI interfaces, browser plugins, open-source libraries, and lightweight software packages) to their daily workflows.

The problem? These tools can easily bypass traditional security layers.

Companies can’t simply block everything. Teams rely on these add-ons to stay competitive. However, most IT departments lack the visibility to know which tools are safe, which pose risks, and which are outright malicious.

This is the gap Koi aims to close.

The Koi cybersecurity startup tracks the software entering an organization, evaluates its risk, and enforces security guardrails without slowing down workers. That balance between productivity and protection is what makes the platform stand out in a crowded market.

Koi raised $10 million in seed funding in December. That round was led by Picture Capital and NFX, with participation from Cerca Partners. After gaining early traction, the company raised a $38 million Series A in August, led by Battery Ventures and Team8. Cerca Partners also returned for this round.

Altogether, Koi has now secured $48 million to fuel its mission.

The appetite for tools like Koi has grown rapidly as enterprises rethink their security infrastructure. Most legacy solutions protect the core but fail to monitor the modern “edge”: the countless small software pieces that enter an organization from external marketplaces.

Investors believe Koi is building the missing layer that bridges that gap.

According to the company, it crossed $1 million in annual recurring revenue in just three months, a milestone few cybersecurity startups reach so quickly. Customers now include Fortune 50 firms in finance and retail, along with major Fortune 500 companies in tech. For a startup founded only last year, the growth signals clear market demand.

Koi has grown to 40 employees and plans to scale even faster. The new funding will help expand its sales, R&D, customer success, and support teams. The company aims to become the default safety layer for modern software add-ons, a category that barely existed a few years ago.

As AI agents, open-source models, and workplace automation tools evolve, this category is expected to explode. That shift will make the work of the Koi cybersecurity startup even more essential.

Assaraf often notes that organizations don’t have the luxury of slowing down innovation. But they also can’t absorb the risks that come with unchecked software.

Koi wants to help them do both.

Very few cybersecurity startups begin with a hands-on experiment that exposes weaknesses in a major software ecosystem. And even fewer manage to turn that insight into real revenue and enterprise trust so quickly.

Koi is entering the market at the right moment. The explosion of AI tools, browser plugins, and micro-software has turned hidden extensions into one of the fastest-growing attack surfaces. This new environment needs a new kind of protection, one designed for speed, transparency, and intelligence.

With a white-hat hacking experiment as its foundation and $48 million behind it, the Koi cybersecurity startup is positioning itself to become one of the industry’s most important players.