Ghent, Belgium. Aikido Security, Europe's first cybersecurity unicorn, has made a move that could redefine vulnerability management. By acquiring Israeli company Root, it gains AI technology capable of a rare feat: automatically identifying and fixing security flaws in open-source components without crashing the application that depends on them. This marks a turning point for a sector where automated repair has long been the Holy Grail, often stymied by the fear of disrupting critical services.
The puzzle of open-source dependencies
Modern applications are assembled from hundreds of open-source libraries. Each can introduce vulnerabilities, and keeping them up to date is a constant effort. Security scanners raise alerts, but it then falls to development teams to intervene, often without a deep understanding of the third-party code. The result? Delayed patches, extended exposure, and, when fixes are attempted, the real risk of breaking changes: the application suddenly stops working because the patch altered a function that was being used in an unexpected way.
AI agents against unwanted downtime
Root’s proposition is to deploy AI agents that analyze context: they don’t stop at the single vulnerability, but map how the component is integrated within the system. The goal is to generate a surgical fix that resolves the issue without touching public interfaces or expected behaviors. This approach closely resembles program synthesis and automated reasoning techniques, now made more practical by the evolution of LLMs capable of understanding code and dependency structures. It’s not science fiction: tools that attempt automatic repairs already exist, and the difference lies in how often a fix succeeds without side effects.
Implications for on-premise choices
For organizations managing self-hosted infrastructure, the problem is doubly pressing. On-premise deployments often host legacy applications or air-gapped systems where stability is paramount. A problematic update can cause costly downtime that is hard to resolve without direct cloud access. Root’s technology, integrated into the Aikido platform, could become a differentiator for those weighing the trade-off between security and operational continuity. AI-RADAR has repeatedly noted how AI security tools are evolving to handle local workloads: this adds a concrete piece to the puzzle, though it remains to be seen how adaptable it is to fully on-prem environments and how much it relies on centralized inference services.
A market seeking autonomy
The acquisition signals a clear trend: the cybersecurity market is looking for tools that act autonomously, reducing the burden on human teams and accelerating response times. Based on figures Aikido shared in January, when it reached a billion-dollar valuation, its platform has already attracted thousands of customers thanks to a “developer-first” philosophy. Now, with Root, it aims to close the loop: not just alerting, but also fixing. The company promises to do so without the false positives and application breakages that have so far hindered automatic patch adoption. The debate remains open on how much human oversight will still be needed and how these technologies will be received in regulated sectors, where every change requires traceability and audit. But the direction is clear: AI is moving from analysis to action.