Cybersecurity Powering the next generation of digital resilience.
Software Infra Building the backbone of tomorrow’s enterprise.
Fintech Redefining trust, money, and the future of financial systems.
Digital Health Transforming care with data, AI, and human insight.
8 reasons I’m excited about the future of fintech
Venture Capital Backing the most enduring founders.
Venture Creation From before-ideas to impact, building success by design.
8 reasons I’m excited about the future of fintech
News Updates and announcements
Events Where innovation meets conversation
Reports Data-driven perspectives on where industries are headed.
8 reasons I’m excited about the future of fintech
About Our story, mission, and the methodology behind Team8.
Team Meet the builders, thinkers, and leaders behind Team8.
Careers Join a team where success is engineered, not accidental.
8 reasons I’m excited about the future of fintech
Contact us
Contact us
Contact us
Contact us
  • Home
  • News
  • A Generational Opportunity: Why We Invested in Koi
Cybersecurity

A Generational Opportunity: Why We Invested in Koi

September 11, 2025
Ori Barzilay

Partner

The definition of the endpoint has changed.

The way enterprises secure endpoints is becoming insufficient. Traditional endpoint protection was built for a world of executables and operating systems, but today’s endpoints are dominated by non-executable software: developer packages, IDE extensions, containers, MCPs, and AI models. These components now outnumber binaries by orders of magnitude, yet remain unmanaged, invisible to security teams, and easily exploited.

Koi isn’t just another endpoint platform. It’s pioneering a new era of software-layer endpoint protection.
By combining continuous visibility, an AI-driven risk engine, and automated enforcement, Koi gives enterprises control over every piece of software running on their endpoints.
The company is redefining how modern organizations secure the endpoint, ensuring that innovation at the software layer doesn’t come at the cost of resilience and safety.

The Endpoint Challenge: Beyond Executables

Modern enterprise endpoints are no longer defined by binaries and OS files. Instead, they’re dynamic environments shaped by developer-installed packages, marketplace extensions, containers, and AI models. These artifacts introduce critical risk- but legacy tools were never designed to manage them. The result is a blind spot that keeps growing:

  • Unseen software– Non-executables bypass IT and security, installed directly through developer workflows and app stores.
  • Unstructured sprawl– Thousands of extensions and packages proliferate across endpoints, often ephemeral, unmanaged, and inconsistent.
  • Legacy blind spots– EDRs and EPPs focus on file signatures and malware heuristics; they cannot analyze or enforce policies over this layer.
  • Escalating risk– Software supply chain attacks are increasing, and CISOs know their endpoints are exposed where governance is weakest.

Addressing executables alone is no longer sufficient. The real challenge is governing the non- binay software layer of the endpoint- ensuring that every package, extension, and model is visible, evaluated, and controlled.

Koi Dashboard
Koi Dashboard

The founders

Backing Koi is not just about timing and product. It’s about the team.

Part of the team were part of the Sygnia journey, a Team8 company we created that became one of the world’s premier cyber defense consultancies, Acquired by Temasek for $250M. At Sygnia, they worked on the front lines of enterprise security: investigating breaches, running red and blue teams, and confronting advanced attackers in real time. That experience gave them a deep appreciation for where blind spots emerge, and how attackers exploit them.

Later, they joined Canonic, where they built tools to analyze OAuth apps, browser extensions, and SaaS add-ons- proving the risk of unmanaged software components at scale. Canonic was acquired by Zscaler, where they continued expanding their insights and initiatives.

Alongside them is CEO Amit Assaraf, a founder with both strong business instincts and deep technical capability. Amit has a rare combination of a technical CEO as well as a business and marketing leader combined. Together, they represent frontline cyber experience, product execution, and the entrepreneurial drive needed to define a new category.

This May, we met the team once again, as Koi participated at the 2025 CISO Village Summit as part of the Startup Innovation track, presenting Koi’s pitch and demo in front of over 100 of the world’s leading CISOs.

The traction and results that the Koi team gained during the Summit were outstanding. The pull from the market was felt strongly and the why now was loud and clear. Multiple CISOs requested follow ups and mentioned the challenges they are facing with the rise of non-binary components in their organization.

Koi’s solution

Koi is building the first endpoint security platform purpose-built for the non-binary software layer. Its architecture integrates three essential capabilities:

  • Visibility – Continuous introspection into every non-executable artifact on the endpoint: packages, extensions, containers, AI models, and more.
  • Risk evaluation – An agentic AI-driven engine that classifies and analyzes new artifacts in near real time. Unlike legacy scanners, it doesn’t depend on static CVEs or signatures, but adapts to emerging threats as soon as they appear.
  • Policy enforcement – Dynamic allow, block, and remediation controls that align with enterprise governance. This transforms visibility into actionable security.

This is resilience applied to the endpoint. Not just detection. Not just response. But the ability to anticipate, prevent, and recover from disruption before it cascades across the enterprise.

Koi doesn’t replace legacy endpoint tools. It completes them. Addressing the structural blind spot they were never designed to cover.

Koi remediation
Koi Remediation Screen

Why now: A new risk surface

The modern endpoint is dynamic and user-driven. Developers install what they need: npm modules, Python packages, VSCode extensions, AI notebooks and agents. Employees add browser plugins or productivity apps from third-party stores.

Each component can introduce risk, from malicious code to over-permissioned access, yet most are invisible to existing tools. Governance is minimal. Attacks targeting this layer are increasing, but defenses remain immature.

CISOs recognize the problem. Some organizations have created “software governance” roles. Others are building partial internal tools. But no incumbent vendor owns this space.

The timing is clear: the endpoint has shifted, and security must follow.

The demand signal is clear. Enterprises are already looking for solutions. CISOs we work with are asking questions about software-layer governance. Some are even building stopgap tools internally.

But there is no incumbent. The space is open.

Koi is not entering a crowded market; they are defining a new one. 

The momentum behind Koi reflects a truth we’ve seen before: when the market knows it has a blind spot, the right solution doesn’t need to be sold, it gets pulled in.

The endpoint is near.

We believe Koi will define the reference architecture for securing modern endpoints. And we’re proud to partner with them on that journey.

The non-binary software perimeter is no longer invisible. Koi is making sure it’s no longer unprotected as well.

Learn more here > https://www.koi.security/
Ori Barzilay

Partner

Ori Barzilay is a Partner at Team8, where he invests in Cyber and Software Infrastructure companies.

Share:

Insights

See all insights

Designing 2026 – The opportunities our team is most excited about

Team8 CISO Village Summit 2026

From Insight to Conviction: The Method Behind Team8’s Venture Creation Model

Cyber City After Dark

Investing in Port’s $100M C-Round: Doubling-Down on Agentic Engineering
See all insights
See all insights

Join our community

and get weekly updates on our latest news to your email