Why NFX Invested in Koi Security: The Future of App-Layer Security, Scaling at Hyperspeed

Koi, a cybersecurity startup reinventing security for the modern software layer, just closed a $48M Series A round. We led this round alongside Battery Ventures, Team8, and Picture Capital. Cerca Partners also invested.

Koi delivers full visibility and control over the self-installed software ecosystem. That means total transparency into every piece of software on every endpoint, from traditional binaries to emerging non-binary software like code packages, AI models, extensions, and plugins. Plus, they give companies the ability to manage and analyze risk across it all.

Here’s why we believed in Koi from day 0:

1. The Cybersecurity Battleground is Now the App-Layer

Koi’s founder, Amit Assaraf, saw what many overlooked: the application layer is the new security battleground, not the OS.

Applications are entire ecosystems made up of code packages, plugins, extensions, AI models, and updates. This shift means the software surface area on endpoints has exploded, driven largely by non-binary software. These components have become the primary targets for attackers, but they are largely invisible or inscrutable to legacy security tools.

Traditional endpoint security tools focus on binary executables and OS-level protections. They weren’t built for this software ecosystem, and often let these vulnerabilities slip through.

Koi’s team didn’t just spot this before anyone else; they proved how vulnerable many organizations really are (you can read the full story here).

2. Incumbents Can’t Keep Pace

The obvious follow-up to Point #1: why don’t incumbents just take on this problem themselves?

Maybe they can. But they’ll have to re-learn everything they know to even try.

Here’s why Koi has a massive lead over incumbents:

  1. Non-binary software dominates endpoints today. Market leaders have been slow to adapt. Koi is already building.
  2. Existing tools offer fragmented visibility. Even vendors who monitor open-source components don’t have a full view of all software on an endpoint. Koi’s platform detects everything running on every device and provides a unified risk assessment across it all.
  3. Risk intelligence alone isn’t enough. Tools like Snyk can identify vulnerabilities but can’t enforce or remediate. Koi closes that gap by allowing organizations to enforce policies and automatically block or manage risky software.

Koi is putting together all the key pieces modern companies need to truly manage their software security risk. And they have a head start due to how well they understand this problem and market.

3. Rapid Traction

Just eight months ago, Koi was an idea. Today, they have an impressive pipeline of customers.

Koi hit $1M ARR faster than companies like Wiz, Snyk, Vanta, Figma, and Loom.

The market is evolving fast, but Koi is moving faster, with a unique solution and a clear advantage.


Author
Gigi Levy-Weiss
General Partner
