en.Wedoany.com Reported - Belgian cybersecurity company Aikido Security NV has announced the acquisition of Root.io Inc., which specializes in providing open-source vulnerability remediation services for the exact versions of software running within organizations.
Founded in 2020 under the name Slim.AI Inc., Root originally launched the well-known open-source container tool Slim Toolkit. Last year, the company shifted its focus from reducing container image sizes to securing them, and subsequently rebranded.
Root offers an agent-driven vulnerability remediation solution. When a new vulnerability is disclosed, multiple specialized AI agents conduct research, write, test, and generate patches within approximately 15 to 40 minutes—a process that could take weeks manually. The fixes are directly embedded into the company's running container images and software dependencies, targeting their specific pinned versions, without requiring code rebuilds or migrations.
In over 80% of cases, Root makes no modifications to the code, with human reviewers signing off rather than writing patches. The company states that data security firm BigID Inc. leveraged this approach to eliminate over 1,000 vulnerabilities across six production images within two weeks, including more than 300 rated as high or critical severity, without abandoning its Debian- and Ubuntu-based software stack.
For Aikido, the appeal of Root's technology lies in avoiding the dilemma most teams face with dependency vulnerabilities: upgrading software packages may break existing applications or introduce new malware, while migrating to vendor-locked solutions merely replaces one dependency with another. Patches generated by Root—integrated into Aikido's platform as the Aikido Libraries feature—fix only specific vulnerabilities without the disruptive changes typical of full version upgrades. The company reports that the technology can produce hundreds of verified patches daily.
Co-founder and CEO Willem Delbare stated that open-source requires rapid vulnerability patching, yet existing upgrade or migration solutions are ineffective for most companies; Root's patching approach allows teams to resolve issues without upgrades, migrations, or disruptive changes. The solution aims to make supply chain security accessible to all enterprises, not just a select few.
Prior to the acquisition, Root had raised a total of $37.6 million, including a $31 million Series A round in 2022 co-led by Insight Partners and StepStone Group. Gartner Inc. named Root an emerging vendor in the automated vulnerability remediation category this year.
Aikido stated that, in addition to the acquisition, it will backport fixes for critical and actively exploited open-source vulnerabilities within its supported ecosystem and contribute these patches to upstream projects, rather than placing them behind a paywall.
This acquisition marks the end of an intense acquisition period for Aikido. In 2025, Aikido successively acquired AI code review startup Trag, autonomous penetration testing company Allseek BV, and Haicker SA. In January, the company raised $60 million in a Series B round at a $1 billion valuation, becoming the fastest European cybersecurity company to achieve unicorn status. Aikido reports that its platform is now used by over 100,000 teams, with clients including the Premier League, Revolut Ltd., and SoundCloud.









