A Belgian cybersecurity unicorn bought an Israeli startup with an unusual gimmick. Its AI agents fix an open source flaw without breaking the application that depends on it, something most security tools can’t do.
Aikido Security, based in Ghent, became Europe’s fastest-growing cybersecurity company to reach a billion-dollar valuation in January. have now acquired root. Aikido did not reveal a price. Israeli exit Calcalista reported a figure of between 70 and 100 million dollars. Aikido will also open a development center in Israel. It plans to absorb Root’s roughly 25 employees, most of them in Tel Aviv.
The goal is a problem that every software company knows and few have solved. Open source is everywhere and full of holes. Almost all applications are based on open source packages, making them a favorite way for attackers. Log4Shell, the critical bug found in Log4j in 2021, is still running on millions of systems today.
Patch without pain
Fixing these defects is supposed to be easy and it rarely is. When a dependency is vulnerable, a team’s decisions are both bad. Upgrade to a newer version and you risk breaking a working app or receiving new malware. Migrate to a vendor-locked replacement and you’ve swapped one dependency for another. This usually takes months of work.
Root’s argument is to skip that commitment. Its platform runs swarms of AI agents that research, write, test, and ship a patch in about 15 to 40 minutes. according to SiliconANGLE. By hand, the same job can take weeks. The solution goes directly to the exact version a company already runs, so there is no rebuild or migration. In more than four out of five cases, Root does not change any code. A human reviewer approves the patch instead of writing it.
Aikido is incorporating this into its platform as a feature called Aikido Libraries. One customer, data security company BigID, eliminated more than 1,000 vulnerabilities in two weeks. More than 300 of those considered high or critical were spread across six production images and kept their existing stack.
Why AI cuts both ways
The timing is not an accident. AI gives attackers faster and cheaper ways to find and exploit flaws. Attackers now attack nearly a third of known vulnerabilities on or before the day they appear. The agentive approach that allows Root to patch in minutes gives defenders the speed they now need. The people who entered already have it.
That threat is already visible throughout the software supply chain. run from malware smuggled in popular packages to violations that are filtered Secrets of AI training. Get to the security flaws that accumulate around the rapids vibration coding platforms. Aikido’s bet is that fighting agents is the only way to keep up.
A rare open source return
In addition to the deal, Aikido announced something unusual for a commercial security company. It will support its fixes for actively exploited critical open source vulnerabilities to the broader community. Plan to contribute them to projects that maintain the code, rather than keeping them behind a paywall.
“This is a choice between walled gardens and real support for open source. We chose open source,” said Ian Riopel, co-founder and CEO of Root. Adrian Estrada, CTO of NodeSource and board director of OpenJS, welcomed the move. He said maintenance people are “drowning in security work” and that backports take work off their shoulders.
Root has an unusual story of its own. It started as Slim.AI, the company behind the widely used open source container tool Slim Toolkit. He later moved from shrinking container images to protecting them. It had raised about $37.6 million and this year Gartner named it an emerging provider in automated vulnerability remediation.
The Aikido Shopping Spree
For Aikido, Root caps a busy year of purchasing. In 2025, it acquired AI code review startup Trag and autonomous penetration testing companies Allseek and Haicker. A branded patching engine is a natural next piece for a company that sells a single platform for protecting code from writing to execution.
The deal also underlines how much of the world’s cybersecurity talent is still in Israeland how more and more European buyers are writing the checks. Aikido now services over 100,000 teams including Revolut, SoundCloud and the Premier League. With Root, you’re betting that the winning move in open source security isn’t arguing about which holes to fix first, but simply fixing them where they are.






