CIO Influence

Aikido Acquires Root to Defend Open Source From AI-Powered Attacks

AI agents research, patch, and test open-source vulnerabilities without forcing teams to upgrade

Aikido Security announced it has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has become the primary entry point for attackers.

Organizations face two converging threats: attackers hide malware inside the open source packages that applications depend on, and vulnerabilities sit unpatched in production for years. Log4Shell, the critical vulnerability found in Log4j in 2021, still runs in millions of systems today. AI is giving attackers faster and cheaper ways to exploit both threats, and almost a third of known vulnerabilities are now exploited on or before the day they’re disclosed.

“Open source needs patching, and it needs it fast. Today you have two options, and neither works for most companies: upgrade and likely break your application, or migrate to a vendor’s locked-down replacement,” said Willem Delbare, co-founder and CEO of Aikido Security. “With Root, we fix what teams are actually running, generating hundreds of verified patches a day: no upgrades, no migrations, no breaking changes. That’s how supply chain security gets solved for everyone, not just the 1%.”

Upgrading to a newer version can introduce malware or break working code, while patching every dependency yourself is impossible. Aikido Libraries, powered by Root’s technology, allows you to apply a patch to the vulnerability without being impacted by breaking changes.

To back the mission with action, Aikido is announcing an industry first: backported fixes for critical, actively exploited open source vulnerabilities to the community across supported ecosystems. This returns patches to the projects that need them rather than keeping them behind a paywall.

“Open source maintainers are drowning in security work while trying to keep the projects the world depends on running,” said Adrian Estrada, CTO of NodeSource, OpenJS Board Director and Node.js Core Contributor. “Aikido and Root are taking work off our plate by backporting fixes and contributing them upstream.”

“The industry is still stuck on triage, taking a giant list of CVEs and arguing over which ones to fix first. Or worse, telling teams to throw out their images and start over with someone else’s,” said Ian Riopel, co-founder and CEO of Root. “We built Root to skip the argument and just fix the problem in place. This is a choice between walled gardens and real support for open source. We chose open source.”

Root began as Slim.AI, the company behind the widely used open source container tool Slim Toolkit, formerly DockerSlim, and is backed by Insight Partners, which co-led their $31M Series A in 2022. Earlier this year, Gartner recognized Root as an emerging technology vendor in Automated Vulnerability Remediation.

This is the latest in a string of acquisitions for Aikido, following AI code-review startup Trag and autonomous pen-testing companies Allseek and Haicker in 2025. Earlier this year, Aikido became the fastest-ever European cybersecurity company to reach unicorn status with a $60 million Series B at a $1 billion valuation.
