Aikido acquires Israel's Root to enhance open source using AI.

Aikido acquires Israel's Root to enhance open source using AI.

      Belgian cybersecurity unicorn Aikido has reportedly acquired Root for $70 million, focusing on AI agents that address open-source vulnerabilities without disrupting the applications that rely on them, a capability that most security tools lack. Aikido Security, located in Ghent, became the fastest cybersecurity company in Europe to achieve a $1 billion valuation in January. The new acquisition, Root, is a startup based in Boston with an additional office in Tel Aviv. While Aikido hasn't publicly disclosed the acquisition price, Israeli outlet Calcalist reported it at $70 million. Aikido will integrate Root's Tel Aviv office and its approximately 25 employees.

      The challenge of vulnerabilities in open source is familiar to every software company, yet few have effectively resolved it. Open source is pervasive and riddled with security issues. Nearly all applications depend on open-source packages, making them an attractive target for cyber criminals. The Log4Shell vulnerability found in Log4j in 2021 still affects millions of systems today.

      Addressing these vulnerabilities is intended to be straightforward but often proves to be complex. When a dependency is identified as insecure, a development team faces tough choices. They can upgrade to a newer version, risking disruption of a functioning application or introducing new malware, or transition to a vendor's controlled alternative, merely replacing one dependency with another—a process that can take months.

      Root offers a solution to bypass this dilemma. Its platform utilizes swarms of AI agents capable of researching, writing, testing, and deploying a patch within approximately 15 to 40 minutes, as noted by SiliconANGLE. In contrast, performing the same task manually usually takes weeks. The fix is delivered directly to the existing version in use, eliminating the need for a rebuild or migration. In over 80% of instances, Root makes no alterations to the code at all, with a human reviewer approving rather than creating the patch.

      Aikido plans to incorporate this functionality into its platform under the name Aikido Libraries. One of its clients, the data security company BigID, was able to resolve over 1,000 vulnerabilities in just two weeks, including more than 300 classified as high or critical, distributed across six production images, all while maintaining its current stack.

      The timing is strategic, as AI now provides attackers with quicker and more cost-effective methods to identify and exploit vulnerabilities. Hackers are targeting nearly a third of known flaws on the day they are discovered or earlier. Root’s rapid patching capability offers defenders the speed necessary to keep pace with attackers.

      This threat is evident throughout the software supply chain, from malware hidden in popular packages to breaches exposing sensitive AI training data. It includes the security shortcomings associated with fast-paced development environments. Aikido believes that combating agents with agents is crucial for maintaining security.

      In conjunction with the acquisition, Aikido announced an uncommon initiative for a commercial security firm. It will backport its solutions for critical, actively targeted open-source vulnerabilities to benefit the broader community, planning to contribute these fixes back to the original projects rather than keeping them behind a paywall. “This is a choice between walled gardens and genuine support for open source. We chose open source,” stated Ian Riopel, Root’s co-founder and CEO. Adrian Estrada, chief technology officer of NodeSource and an OpenJS board member, supported the initiative, noting that maintainers are overwhelmed with security tasks, and the backports will alleviate some of their burden.

      Root itself has a unique background. Originally starting as Slim.AI, the creators behind the popular open-source container tool Slim Toolkit, it later shifted focus from reducing container sizes to enhancing their security. Root has secured approximately $37.6 million in funding and was recognized by Gartner this year as an emerging vendor in automated vulnerability remediation.

      For Aikido, the acquisition of Root concludes a busy year of strategic purchases. In 2025, it acquired the AI code review firm Trag as well as the autonomous penetration testing companies Allseek and Haicker. A branded patch engine is a logical addition for a company providing a comprehensive platform for securing code from development to deployment.

      This deal accentuates the growing trend of European companies taking the lead in investing in cybersecurity talent. Aikido now supports over 100,000 teams, including notable clients like Revolut, SoundCloud, and the Premier League. With the addition of Root, Aikido is betting that the optimal strategy in open-source security is not to debate which vulnerabilities to address first, but to simply fix them as they are identified.

Other articles

Queue secures $12.6 million for its autonomous robotic pharmacy. Queue secures $12.6 million for its autonomous robotic pharmacy. Queue has come out of stealth mode, securing a $12.6 million seed round led by AlleyCorp and introducing what it claims to be the world's first fully autonomous robotic pharmacy. MDOTM secures $27 million for its artificial intelligence wealth management platform. MDOTM secures $27 million for its artificial intelligence wealth management platform. London's MDOTM has secured $27 million in funding, with Expedition leading the investment, to expand Sphere, its AI platform that currently operates over $100 billion for banks and asset managers. Reddit is discontinuing anonymous browsing on the old version of the site, which has displeased many long-time users. Reddit is discontinuing anonymous browsing on the old version of the site, which has displeased many long-time users. Reddit is implementing a login requirement for old.reddit.com, and a post from the admin suggesting that this change might not be permanent has caused concern among long-time users. Daniel Dines of UiPath discusses AI, employment, and feelings of anxiety. Daniel Dines of UiPath discusses AI, employment, and feelings of anxiety. Daniel Dines from UiPath asserts that AI lacks discernment, that agents are unable to quickly rectify disorganized processes, and that leaders who indiscriminately reduce their workforce undermine value that they have never assessed. Europe's cryptocurrency reformation is in progress as Venga becomes part of the initial group of firms approved under MiCA. Europe's cryptocurrency reformation is in progress as Venga becomes part of the initial group of firms approved under MiCA. MiCA has reduced the number of registered crypto firms in Europe from 3,000 to only 244 authorized providers. Venga, based in Barcelona, meets the requirements, even as Binance scales back its EU services before the deadline. Base44 introduces Base1, its proprietary AI model for vibe coding. Base44 has introduced Base1, the inaugural proprietary AI model from a vibe-coding platform, banking on the idea that having its own model will lead to improved margins and a genuine competitive advantage.

Aikido acquires Israel's Root to enhance open source using AI.

Belgian cyber unicorn Aikido has purchased the Israeli startup Root, which utilizes AI agents to fix open-source vulnerabilities within minutes without necessitating risky upgrades.