Home
News
Tech Grid
Interviews
Anecdotes
Think Stack
Press Releases
Articles
  • AIRisk & Compliance

Aikido Security Acquires Root to Strengthen Open Source Security


Aikido Security Acquires Root to Strengthen Open Source Security
  • by: GlobeNewswire
  • |
  • July 1, 2026

Aikido Security has announced the acquisition of Root, combining capabilities to strengthen open source security and address the growing threat of software supply chain attacks. The move brings together both companies' focus on enabling developers and autonomous systems to securely build with open source while improving vulnerability remediation at scale.

Quick Intel

  • Aikido Security has acquired Root to strengthen open source and supply chain security.
  • The combined platform focuses on automated vulnerability remediation without breaking application code.
  • AI-driven attacks and unpatched vulnerabilities are increasing across global software systems.
  • Root’s technology enables patching vulnerabilities without requiring upgrades or migrations.
  • Aikido will provide backported fixes for critical open source vulnerabilities to the community.
  • The acquisition follows Aikido’s rapid growth into a European cybersecurity unicorn in 2025.

Rising Threats in Open Source Supply Chains

Open source software remains foundational to modern applications, but it has also become a primary attack surface for cybercriminals. Organizations now face two escalating risks: malicious code hidden in open source dependencies and long-standing vulnerabilities that remain unpatched in production environments.

High-profile incidents such as Log4Shell continue to impact systems globally years after disclosure, while emerging data shows that nearly one-third of known vulnerabilities are exploited on or before public disclosure. The rise of AI-driven attack methods has further accelerated the speed and scale of exploitation.

Addressing the Patch vs. Break Problem

Traditional vulnerability management often forces organizations into difficult trade-offs: upgrading dependencies that may break applications or migrating to alternative solutions that introduce new risks and costs.

Aikido Security aims to eliminate this trade-off by integrating Root’s technology into its platform, enabling automated patching of vulnerabilities without requiring version upgrades or disruptive changes. The approach focuses on applying verified fixes directly to existing software environments, improving security without affecting application stability.

AI-Powered Automated Vulnerability Remediation

Through Root’s technology, now integrated into Aikido Libraries, organizations can apply security patches directly to vulnerable dependencies while maintaining application compatibility.

The system generates validated fixes across container images and application dependencies, reducing remediation time from weeks to minutes. This approach is designed to help security teams handle the growing volume of vulnerabilities more efficiently while minimizing operational disruption.

Open Source Fixes Returned to the Community

As part of the acquisition, Aikido is introducing backported fixes for critical and actively exploited vulnerabilities across open source ecosystems. These fixes are designed to be contributed back to upstream projects, ensuring that improvements benefit the broader developer community rather than remaining behind commercial boundaries.

This initiative aims to reduce the burden on open source maintainers while improving the overall security posture of widely used software components.

Leadership Perspectives

Willem Delbare, Co-founder and CEO, Aikido Security

"Open source needs patching, and it needs it fast. Today you have two options, and neither works for most companies: upgrade and likely break your application, or migrate to a vendor's locked-down replacement. With Root, we fix what teams are actually running, generating hundreds of verified patches a day: no upgrades, no migrations, no breaking changes. That's how supply chain security gets solved for everyone, not just the 1%."

Adrian Estrada, CTO of NodeSource, OpenJS Board Director and Node.js Core Contributor

"Open source maintainers are drowning in security work while trying to keep the projects the world depends on running. Aikido and Root are taking work off our plate by backporting fixes and contributing them upstream."

Ian Riopel, Co-founder and CEO, Root

"The industry is still stuck on triage, taking a giant list of CVEs and arguing over which ones to fix first. Or worse, telling teams to throw out their images and start over with someone else's. We built Root to skip the argument and just fix the problem in place. This is a choice between walled gardens and real support for open source. We chose open source."

Expanding Aikido’s Security Platform Strategy

The acquisition of Root follows a series of strategic moves by Aikido Security, including prior acquisitions in AI code review and autonomous penetration testing. The company continues to expand its unified security platform across code, infrastructure, and runtime environments.

Aikido Security recently reached unicorn status following a $60 million Series B round, positioning itself as one of Europe’s fastest-growing cybersecurity companies.

 

About Aikido Security

Aikido Security is building self-securing software for modern development teams. Aikido's unified security platform secures everything developers build, ship, and run from code to runtime, helping teams to reduce risk without slowing down development. Aikido is the fastest-ever European cybersecurity company to reach unicorn status and is trusted by over 100,000 teams, with a global customer base including the Premier League, MontBlanc, n8n, Revolut, SoundCloud, and Niantic.

About Root

Root keeps open source secure at the versions teams already run. Root's agentic platform researches, patches, tests, and delivers validated fixes across container images and application dependencies in minutes, not weeks. Root was founded by Ian Riopel, John Amaral, Benji Kalman, and Mickey Gordon, and is backed by Insight Partners, Decibel Ventures, Boldstart Ventures, Lama Partners (formerly FXP Ventures), and TechAviv. Root is trusted by security-conscious organizations, including SiXWorks (an IBM company), DeleteMe, and Relay Networks.

  • CybersecurityOpen Source SecuritySupply Chain SecurityDev Sec OpsVulnerability Management
News Disclaimer
  • Share