Aikido Acquires Root to Defend Open Source From AI-Powered Attacks

AI agents research, patch, and test open-source vulnerabilities without forcing teams to upgrade

GHENT, Belgium, June 30, 2026 (GLOBE NEWSWIRE) — Aikido Security today announced it has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has become the primary entry point for attackers.

Organizations face two converging threats: attackers hide malware inside the open source packages that applications depend on, and vulnerabilities sit unpatched in production for years. Log4Shell, the critical vulnerability found in Log4j in 2021, still runs in millions of systems today. AI is giving attackers faster and cheaper ways to exploit both threats, and almost a third of known vulnerabilities are now exploited on or before the day they’re disclosed.

“Open source needs patching, and it needs it fast. Today you have two options, and neither works for most companies: upgrade and likely break your application, or migrate to a vendor’s locked-down replacement,” said Willem Delbare, co-founder and CEO of Aikido Security. “With Root, we fix what teams are actually running, generating hundreds of verified patches a day: no upgrades, no migrations, no breaking changes. That’s how supply chain security gets solved for everyone, not just the 1%.”

Upgrading to a newer version can introduce malware or break working code, while patching every dependency yourself is impossible. Aikido Libraries, powered by Root’s technology, allows you to apply a patch to the vulnerability without being impacted by breaking changes.

To back the mission with action, Aikido is announcing an industry first: backported fixes for critical, actively exploited open source vulnerabilities to the community across supported ecosystems. This returns patches to the projects that need them rather than keeping them behind a paywall.

“Open source maintainers are drowning in security work while trying to keep the projects the world depends on running,” said Adrian Estrada, CTO of NodeSource, OpenJS Board Director and Node.js Core Contributor. “Aikido and Root are taking work off our plate by backporting fixes and contributing them upstream.”

“The industry is still stuck on triage, taking a giant list of CVEs and arguing over which ones to fix first. Or worse, telling teams to throw out their images and start over with someone else’s,” said Ian Riopel, co-founder and CEO of Root. “We built Root to skip the argument and just fix the problem in place. This is a choice between walled gardens and real support for open source. We chose open source.”

Root began as Slim.AI, the company behind the widely used open source container tool Slim Toolkit, formerly DockerSlim, and is backed by Insight Partners, which co-led their $31M Series A in 2022. Earlier this year, Gartner recognized Root as an emerging technology vendor in Automated Vulnerability Remediation.

This is the latest in a string of acquisitions for Aikido, following AI code-review startup Trag and autonomous pen-testing companies Allseek and Haicker in 2025. Earlier this year, Aikido became the fastest-ever European cybersecurity company to reach unicorn status with a $60 million Series B at a $1 billion valuation.

About Aikido Security
Aikido Security is building self-securing software for modern development teams. Aikido’s unified security platform secures everything developers build, ship, and run from code to runtime, helping teams to reduce risk without slowing down development. Aikido is the fastest-ever European cybersecurity company to reach unicorn status and is trusted by over 100,000 teams, with a global customer base including the Premier League, MontBlanc, n8n, Revolut, SoundCloud, and Niantic.

For more information, visit https://www.aikido.dev/.

About Root
Root keeps open source secure at the versions teams already run. Root’s agentic platform researches, patches, tests, and delivers validated fixes across container images and application dependencies in minutes, not weeks. Root was founded by Ian Riopel, John Amaral, Benji Kalman, and Mickey Gordon, and is backed by Insight Partners, Decibel Ventures, Boldstart Ventures, Lama Partners (formerly FXP Ventures), and TechAviv. Root is trusted by security-conscious organizations, including SiXWorks (an IBM company), DeleteMe, and Relay Networks.

Media Contact
press@aikido.dev
