Aikido acquires Root for $70mn-$100mn to patch open-source vulnerabilities with AI agents

2 Sources

Share

Belgian cybersecurity unicorn Aikido Security has acquired Israeli startup Root for a reported $70mn to $100mn, gaining AI agents that patch open-source vulnerabilities in 15 to 40 minutes without forcing risky upgrades. The deal addresses a critical problem: fixing security flaws in open-source dependencies without breaking existing applications or creating vendor lock-in.

Aikido Acquires Root to Transform Open-Source Security

Belgian cybersecurity unicorn Aikido Security NV has acquired Root.io Inc., an Israeli startup specializing in AI-driven patching of open-source vulnerabilities, for a reported $70mn to $100mn according to Israeli outlet Calcalist

1

. The deal brings AI agents that autonomously patch vulnerabilities in roughly 15 to 40 minutes, a process that typically takes weeks when done manually

2

. Aikido, which became Europe's fastest cybersecurity company to reach a $1bn valuation in January, plans to absorb all of Root's roughly 25 staff and open a development centre in Israel

1

.

Solving the Open-Source Patching Dilemma

Source: SiliconANGLE

Source: SiliconANGLE

The acquisition targets a persistent challenge in software security: how to patch open-source software without breaking production systems. When a dependency turns vulnerable, teams face two problematic choices. Upgrade to a newer version and risk breaking a working application or pulling in fresh malware, or migrate to a vendor's locked-down replacement and accept months of work plus vendor lock-in

1

. Root's platform bypasses this trade-off entirely by deploying swarms of specialized AI agents that research, write, test, and ship patches directly to the exact versions companies already run, eliminating the need for forced upgrades or migrations

2

.

Autonomous Vulnerability Remediation in Action

Root's approach to patching open-source vulnerabilities delivers measurable results. In more than four out of five cases, the system makes no code changes at all, with human reviewers signing off rather than writing patches themselves

2

. Data security firm BigID cleared more than 1,000 vulnerabilities in two weeks using Root's technology, with over 300 rated high or critical across six production images, all while maintaining its existing Debian and Ubuntu-based stacks

1

. Aikido is integrating this capability into its platform as Aikido Libraries, which the company says generates hundreds of verified patches daily

2

.

Racing Against AI-Powered Attackers

The timing reflects an escalating threat landscape where AI cuts both ways. Attackers now hit almost a third of known vulnerabilities on or before the day they surface, leveraging AI for faster exploitation

1

. The agentic approach that enables Root's rapid patching gives defenders the speed they need to counter attackers who already possess similar capabilities. This arms race extends across the entire software supply chain, from malware smuggled into popular packages to breaches exposing AI training secrets.

Backporting Fixes to the Open-Source Community

Alongside the acquisition, Aikido announced it will backport critical fixes for actively exploited open-source vulnerabilities to the wider community, contributing patches upstream to maintainer projects rather than keeping them behind a paywall

2

. "This is a choice between walled gardens and real support for open source. We chose open source," said Ian Riopel, Root's co-founder and chief executive

1

. Adrian Estrada, chief technology officer of NodeSource and an OpenJS board director, welcomed the move, noting that maintainers are "drowning in security work" and that the backports relieve their burden

1

.

Building a Comprehensive Security Platform

Root caps an aggressive acquisition strategy for Aikido in 2025, following purchases of AI code-review startup Trag and autonomous penetration testing firms Allseek BV and Haicker SA

2

. The AI-driven platform for patching represents a natural addition to Aikido's vision of securing code from development through production. Founded in 2020 as Slim.AI Inc., Root originally offered the popular open-source container tool Slim Toolkit before pivoting from shrinking container images to securing them and rebranding last year

2

. Root had raised $37.6mn, including a $31mn Series A in 2022, and Gartner this year named it an emerging vendor in automated vulnerability remediation

1

. Aikido now serves more than 100,000 teams, including Revolut, SoundCloud, and the Premier League

1

.

Today's Top Stories

© 2026 TheOutpost.AI All rights reserved