Koi Secures $48M to Protect AI Models, Code, and Extensions

Washington D.C.-based startup Koi has successfully raised $48 million to enhance the security of AI models, code packages, extensions, and containers, directly addressing the vulnerabilities often overlooked by conventional endpoint security solutions.

Koi, co-founded and led by Amit Assaraf, a former Israeli Military Intelligence officer, aims to fortify its offerings using seed and Series A funding to scale its operations across diverse non-binary platforms while catering to large global enterprises. Assaraf highlighted Koi’s unique value proposition lies in its capacity to effectively map, assess, and govern the increasingly intricate software landscape at an enterprise level, thereby positioning itself as a pioneer in a swiftly evolving market.

Notably, Assaraf pointed out that non-binary software, which has surged in use over the past five years, now poses a greater threat than traditional binary formats. This requires a significant shift in R&D efforts to support a wider array of non-binary software types, each with distinct security needs, including extensions, machine learning models, and containers.

Founded in 2024, Koi has quickly assembled a talented team of 40 professionals and attracted investments from notable firms such as Battery Ventures, Team8, Picture Capital, and NFX. Assaraf brings valuable insights from his past tenure as chief technology officer at Lando, where he honed expertise in cybersecurity.

The Risks Associated with Non-Binary Software

In contrast to conventional approaches, the team initiated a white-hat hacking project, successfully infiltrating over 400 entities, including major corporations like Oracle and Pizza Hut. This provoked a notable response from Chief Information Security Officers (CISOs) and led to the development of an early risk engine prototype. The findings underscored the increasing demand for enhanced security measures.

Assaraf stated, “There’s a significant market opportunity here, as we are likely the only solution capable of integrating into existing enterprises to map out these non-binary vulnerabilities, assess risks, and mitigate them.” The diverse nature of non-binary software complicates traditional security measures, as such software can operate within browsers or in isolated environments, evading detection.

Koi’s risk engine employs advanced large language models to scrutinize and categorize various non-binary software types, an essential step toward establishing comprehensive governance. Assaraf noted that traditional endpoint security tools were designed in an era when binary software was prevalent, leaving a substantial security gap for modern enterprises.

Going forward, Koi plans to systematically extend its platform coverage based on customer feedback and specific usage trends, incorporating support for additional tools such as Microsoft’s WinGet package manager. Each type of non-binary software possesses unique technical attributes, which necessitates tailored detection and risk assessment approaches.

Noteworthy is Koi’s successful growth trajectory, with approximately 70% of its sales pipeline generated through inbound interest from major companies. They aim to replicate this success in scaling their sales efforts, enhancing their capacity to engage with both mid-market and large enterprise clients across various sectors.

While many cybersecurity companies focus on specific market segments, Koi caters to a wide spectrum of clients, from small Web3 firms to multinational banking institutions with extensive endpoints. This has garnered them recognition as a top-tier vendor, especially in sectors where vulnerabilities in extensions and packages can directly jeopardize financial systems and intellectual property.

As new entrants attempt to address singular aspects of non-binary software security, Koi remains unparalleled in offering a holistic approach to risk management, encompassing all non-binary software types, endpoints, and geographic locations. Assaraf emphasized that their pioneering stance positions them uniquely within the cybersecurity landscape, creating a substantial opportunity for future growth.