GHENT, Belgium, June 30, 2026 (GLOBE NEWSWIRE) — Aikido Security today announced it has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has become the primary entry point for attackers.
Organizations face two converging threats: attackers hide malware inside the open source packages that applications depend on, and vulnerabilities sit unpatched in production for years. Log4Shell, the critical vulnerability found in Log4j in 2021, still runs in millions of systems today. AI is giving attackers faster and cheaper ways to exploit both threats, and almost a third of known vulnerabilities are now exploited on or before the day they’re disclosed.
“Open source needs patching, and it needs it fast. Today you have two options, and neither works for most companies: upgrade and likely break your application, or migrate to a vendor’s locked-down replacement,” said Willem Delbare, co-founder and CEO of Aikido Security. “With Root, we fix what teams are actually running, generating hundreds of verified patches a day: no upgrades, no migrations, no breaking changes. That’s how supply chain security gets solved for everyone, not just the 1%.”
Upgrading to a newer version can introduce malware or break working code, while patching every dependency yourself is impossible. Aikido Libraries, powered by Root’s technology, allows you to apply a patch to the vulnerability without being impacted by breaking changes.
To back the mission with action, Aikido is announcing an industry first: backported fixes for critical, actively exploited open source vulnerabilities to the community across supported ecosystems. This returns patches to the projects that need them rather than keeping them behind a paywall.
“Open source maintainers are drowning in security work while trying to keep the projects the world depends on running,” said Adrian Estrada, CTO of NodeSource, OpenJS Board Director and Node.js Core Contributor. “Aikido and Root are taking work off our plate by backporting fixes and contributing them upstream.”
“The industry is still stuck on triage, taking a giant list of CVEs and arguing over which ones to fix first. Or worse, telling teams to throw out their images and start over with someone else’s,” said Ian Riopel, co-founder and CEO of Root. “We built Root to skip the argument and just fix the problem in place. This is a choice between walled gardens and real support for open source. We chose open source.”
Root began as Slim.AI, the company behind the widely used open source container tool Slim Toolkit, formerly DockerSlim, and is backed by Insight Partners, which co-led their $31M Series A in 2022. Earlier this year, Gartner recognized Root as an emerging technology vendor in Automated Vulnerability Remediation.
This is the latest in a string of acquisitions for Aikido, following AI code-review startup Trag and autonomous pen-testing companies Allseek and Haicker in 2025. Earlier this year, Aikido became the fastest-ever European cybersecurity company to reach unicorn status with a $60 million Series B at a $1 billion valuation.
About Aikido Security
Aikido Security is building self-securing software for modern development teams. Aikido’s unified security platform secures everything developers build, ship, and run from code to runtime, helping teams to reduce risk without slowing down development. Aikido is the fastest-ever European cybersecurity company to reach unicorn status and is trusted by over 100,000 teams, with a global customer base including the Premier League, MontBlanc, n8n, Revolut, SoundCloud, and Niantic.
For more information, visit https://www.aikido.dev/.
About Root
Root keeps open source secure at the versions teams already run. Root’s agentic platform researches, patches, tests, and delivers validated fixes across container images and application dependencies in minutes, not weeks. Root was founded by Ian Riopel, John Amaral, Benji Kalman, and Mickey Gordon, and is backed by Insight Partners, Decibel Ventures, Boldstart Ventures, Lama Partners (formerly FXP Ventures), and TechAviv. Root is trusted by security-conscious organizations, including SiXWorks (an IBM company), DeleteMe, and Relay Networks.
Media Contact
press@aikido.dev
