Cybersecurity startup Koi has raised $48 million to help companies guard against software add-ons that can evade long-standing protections.
Workforces are using tools like AI models, browser extensions, and software packages more frequently amid a broader productivity push, Koi cofounder and CEO Amit Assaraf said. At the same time, they can pose fresh risks and evade IT departments.
“You have to allow teams to be able to consume those pieces of software in order to gain that productivity value,” Assaraf said, “but you still want to stay secure.”
Koi closed a $10 million seed round in December and a $38 million Series A in August. Picture Capital and NFX led the seed, while Battery Ventures and Team8 led the Series A. Cerca Partners participated in both rounds.
The Washington, DC-headquartered startup was cofounded last year by Assaraf and two other former Israel Defense Forces members who served in intelligence Unit 8200: CTO Idan Dardikman and CPO Itay Kruk. Both Dardikman and Kruk previously worked together at cybersecurity company Sygnia.
While many cybersecurity startups have come out of Israel, Assaraf said, Koi’s origin story is unique.
It was born of a white-hat hacking gambit conducted in the summer of 2024. The trio found a security gap in the Microsoft Visual Studio Code Marketplace and created a fake theme extension called Darcula Official in 30 minutes that could collect sensitive information from users and control their systems remotely.
Within a week, hundreds of organizations, including employees from Oracle and Pizza Hut, downloaded the extension. After the experiment, the team made responsible disclosures and removed themselves from the affected environments, Assaraf said.
The experiment marked the birth of a security tool called ExtensionTotal, which gained traction and was rebranded as Koi a month after the company raised its seed.
Koi handles different types of software beyond extensions. In addition to risk assessment, it tracks an organization’s software downloads, applies predetermined security guardrails, and blocks malicious software before it can do harm. It also has an AI-powered risk engine to detect and stop threats.
Koi surpassed $1 million in annual recurring revenue in three months, the company said, and counts as customers Fortune 50 companies in finance and retail, as well as Fortune 500 companies in tech.
Koi has 40 employees and will use its funds to grow its sales, research and development, customer success, and technical support teams, Assaraf said.
Here’s a look at the pitch deck Koi used to raise its $38 million Series A. Slides have been removed so the deck can be shared publicly.
Read the full article here
