{"slug": "aikido-acquires-root-to-secure-the-supply-chain", "title": "Aikido acquires Root to secure the supply chain", "summary": "Aikido acquires Root to secure the software supply chain by using AI-generated patches for open-source vulnerabilities. Root's agent-native system produces hundreds of verified CVE patches daily without breaking changes, and Aikido launches Aikido Libraries and Aikido Images as drop-in replacements. Critical fixes are contributed upstream to the open-source community.", "body_md": "Today, Aikido acquires Root. 🚀\n\nOpen source powers almost every application in the world, and it's become the primary entry point for attackers. The software supply chain is under fire. (something something cat meme waking up to another supply chain attack)\n\nAttackers are getting faster, too. AI is making it cheaper to exploit known vulnerabilities before most teams have a chance to patch them. Nearly a third of known vulnerabilities are exploited on or before the day they're disclosed. Meanwhile, our old friend Log4Shell, discovered in 2021, is still running in millions of production systems today.\n\nBut most teams are stuck choosing between three options that don't work:\n\n- **Upgrade** and risk breaking production\n- **Migrate** to a vendor's locked-down replacement\n- **Keep** running vulnerable software\n\nThe reality is that upgrading isn't simple (shocker). A dependency update can break production, pull in dozens of unrelated changes, depend on versions that don't exist yet, or even introduce new vulnerabilities of its own. Even when everything goes right, upgrades consume weeks of engineering time.\n\n## The fact is: open source needs patching, and it needs it fast.\n\nRoot solves this supply chain challenge with an agent-native approach. Instead of agents that just find vulnerabilities, they've built a factory-like system where agents generate precise CVE patches for the package versions teams actually run, at machine speed.\n\n## The result? 
Hundreds of verified CVE patches produced every day.\n\nThat – wait for it – don’t introduce breaking changes.\n\n\"The industry is still stuck on triage, taking a giant list of CVEs and arguing over which ones to fix first. Or worse, telling teams to throw out their images and start over with someone else's,\" says Ian Riopel, co-founder and CEO of Root. \"We built Root to skip the argument and just fix the problem in place. This is a choice between walled gardens and real support for open source. We chose open source.\"\n\nNow we're bringing that capability into Aikido.\n\nWe're launching **Aikido Libraries** and **Aikido Images**: vulnerability-free, drop-in replacement libraries and container images that patch the software teams are already running, without migration, and most importantly, *without* breaking changes.\n\nThey're already in production and available to every Aikido customer (peep the [image catalogue](https://images.aikido.dev/images) here).\n\nWhen a new CVE is introduced, we’ll generate the patch that works for *your* system, on your *exact* version. Keeping you continuously protected.\n\n## And no, \"private patches for open source\" isn't the headline.\n\nCritical fixes for actively exploited vulnerabilities will continue to go back to the community, upstream across ecosystems, not locked behind a paywall. If we want to solve software supply chain security, the ecosystem has to become more secure, not just our customers.\n\n\"Open source maintainers are drowning in security work while trying to keep the projects the world depends on running,\" said Adrian Estrada, CTO of NodeSource, OpenJS Board Director and Node.js Core Contributor. \"Aikido and Root are taking work off our plate by backporting fixes and contributing them upstream.\"\n\nWelcome to Aikido, Root.\n\nThe mission? 
Get developers back to building.\n\nxo Madeline, Aikido", "url": "https://wpnews.pro/news/aikido-acquires-root-to-secure-the-supply-chain", "canonical_source": "https://www.aikido.dev/blog/aikido-acquires-root", "published_at": "2026-06-30 14:23:00+00:00", "updated_at": "2026-06-30 14:57:35.385838+00:00", "lang": "en", "topics": ["ai-research", "ai-products", "ai-tools", "ai-agents"], "entities": ["Aikido", "Root", "Ian Riopel", "Adrian Estrada", "NodeSource", "OpenJS", "Log4Shell"], "alternates": {"html": "https://wpnews.pro/news/aikido-acquires-root-to-secure-the-supply-chain", "markdown": "https://wpnews.pro/news/aikido-acquires-root-to-secure-the-supply-chain.md", "text": "https://wpnews.pro/news/aikido-acquires-root-to-secure-the-supply-chain.txt", "jsonld": "https://wpnews.pro/news/aikido-acquires-root-to-secure-the-supply-chain.jsonld"}}