A white-hat hacking gambit spawned $48 million in venture funding for cybersecurity startup Koi. Read its pitch deck.

Koi, a burgeoning cybersecurity startup, has successfully secured $48 million in funding to bolster defenses against elusive software add-ons that can slip past traditional security measures. According to co-founder and CEO Amit Assaraf, as organizations increasingly integrate AI models, browser extensions, and various software packages into their operations for enhanced productivity, new security risks arise that can outsmart IT departments. "It's essential to empower teams to utilize these tools for productivity gains while maintaining security," Assaraf emphasized. Koi recently completed a $10 million seed funding round in December, followed by a substantial $38 million Series A round in August. The seed round was led by Picture Capital and NFX, while Battery Ventures and Team8 took the lead on the Series A, with Cerca Partners contributing to both funding rounds. Founded in Washington, DC, in 2022 by Assaraf along with fellow former Israel Defense Forces intelligence unit members Idan Dardikman (CTO) and Itay Kruk (CPO), Koi's origin is distinct within the cybersecurity landscape. The trio's journey began during a white-hat hacking initiative in the summer of 2024, where they identified a vulnerability in the Microsoft Visual Studio Code Marketplace. They quickly developed a deceptive theme extension named 'Darcula Official' that was capable of harvesting sensitive user information and remotely controlling systems. Remarkably, this extension was downloaded by hundreds of organizations, including employees from major firms like Oracle and Pizza Hut within a week. Following the experiment, the team responsibly disclosed their findings and withdrew from the compromised environments. This experience led to the creation of a security tool named ExtensionTotal, which was later rebranded as Koi shortly after securing seed funding. Koi's offerings extend beyond just browser extensions; the platform includes risk assessments, software download monitoring, and the implementation of security protocols to prevent malicious software from causing harm. Notably, Koi utilizes an AI-driven risk engine to identify and mitigate threats effectively. In a remarkable achievement, Koi reported surpassing $1 million in annual recurring revenue within just three months of operation. The company now serves a diverse clientele, including Fortune 50 firms in finance and retail, as well as several Fortune 500 technology companies. With a dedicated team of 40 employees, Koi plans to allocate its new funding towards expanding its sales, research and development, customer success, and technical support divisions. Additionally, details of the pitch deck used for the Series A funding will be shared publicly, with some slides redacted for confidentiality.