Koi Security, the Washington, DC-based endpoint security startup, has raised $48 million in funding to combat risks from self-installed software, blind spots in cybersecurity, complex software supply chains, and modern enterprise IT environments.

Founded in 2024, Koi Security tackles the growing danger posed by unmanaged software flowing into enterprise systems. Instead of focusing only on precompiled binaries, its platform secures noncompiled code, containers, AI models, and extensions. By doing so, the company delivers visibility, risk analysis, and policy enforcement across the blind spots that traditional scanners often miss.

At the core is its flagship Supply Chain Gateway, a centralized checkpoint that unifies inventory tracking, real-time risk analysis, and automated remediation. Alongside it, Wings, an AI-driven risk engine, uses classification, sandboxing, and intelligence feeds to block malicious components before they land on any endpoint.

From Proof of Risk to Scaled Enterprise

Koi Security’s founding team, alums of Israel’s elite Unit 8200 intelligence corps, first demonstrated the threat through a controlled experiment. They built a fake Visual Studio Code extension called Darcula Official, which secretly exfiltrated data.

Within a week, it infiltrated more than 300 organizations, including Fortune 500 companies and a national court network. That proof of concept shaped their early product, ExtensionTotal, which later expanded into today’s comprehensive Supply Chain Gateway.

Large enterprises often have thousands to hundreds of thousands of endpoints: desktops, laptops, servers, sometimes containers, varied OSs, remote work setups, and hybrid/cloud infrastructures. Managing that at scale with traditional tools is complex. False positives, slow detection, inconsistent configurations and patching all reduce the effectiveness of existing solutions.

Since many enterprises are only now waking up to the risks around self-installed software, extensions, AI models, etc., there’s a first-mover advantage. Suppose Koi builds a platform that becomes standard in this space. In that case, there’s a large market, potentially strong defensibility (through patents, risk engines, etc.).

Strong Backing, Strong Growth

The latest funding round includes $10 million in seed capital and a $38 million Series A, led by Battery Ventures, Team8, Picture Capital, and NFX, with participation from Cerca Partners. The company already protects more than 500,000 enterprise endpoints, including those belonging to Fortune 50 firms, leading banks, and global tech giants.

Koi Security plans to use the investment to scale its operations, advance its AI-first detection models, and expand its market reach. With pending patents and rapid enterprise adoption, the company is positioning itself as a defining player in the next generation of endpoint protection.

Follow USTechTimes on Facebook, Twitter and Linkedin for in-depth news of market trends, funding updates, and regulatory changes affecting startups in USA.

We Recommend: