When n8n's engineering organization went looking for a way to cut through the alert volume that comes with running a fast-growing automation platform, they ended up consolidating onto Aikido Security and reported a 92% reduction in noise [Aikido Security]. That number, whether or not it generalizes, captures the wedge the Belgian startup has been driving for almost four years: developers do not want twelve scanners, twelve consoles, and twelve queues of findings that mostly are not exploitable. They want one place that tells them what to fix this afternoon.
Aikido, founded in Ghent in 2022 by Willem Delbare, Wouter Delbaere, Roeland Delrue, Felix Kerger, Felix Garriau, and Amber Rucker, sells a unified application security platform that spans code scanning, cloud posture, container and dependency analysis, runtime protection through its Zen firewall, and now autonomous penetration testing [Aikido Security]. The pitch to engineering leaders is unusually concrete for the category: transparent seat-based pricing, a free tier, and an AutoFix feature that opens pull requests against vulnerabilities rather than just filing tickets [Aikido Security Pricing; Aikido Docs]. Customers cited publicly include CertifID, Lighthouse, Zus Health, Henchman, Secure Code Warrior, and Oliva Health [Tech.eu, Nov 2023], with Pathful reporting a 60% drop in security issues within two weeks of deployment [Aikido Security].
The ambition got an expensive endorsement in January, when DST Global led a $60 million Series B at a $1 billion valuation, making Aikido one of the first European unicorns of 2026 [Reuters, Jan 2026]. That round followed a $17 million Series A led by Singular.vc in May 2024 [TechCrunch, May 2024], a $5.4 million seed from Notion Capital and Connect Ventures in November 2023 [PRNewswire, Nov 2023], and a $2.2 million pre-seed in 2022 [Aikido Security Blog]. Total disclosed funding sits near $85 million across four rounds [BankInfoSecurity].
Pre-seed 2022 | 2.2 | $M
Seed 2023 | 5.4 | $M
Series A 2024 | 17 | $M
Series B 2026 | 60 | $M
The bet
The strategic argument is that AppSec consolidation is the next durable wave in security spending, and that the buyer profile is shifting from CISOs purchasing best-of-breed tools to engineering leaders purchasing developer experience. Wiz proved the consolidation thesis on the cloud side. Snyk proved it for developer-led code scanning. Aikido is betting that a single platform spanning code, cloud, and runtime, sold with self-serve pricing and aimed first at engineering buyers at growing SaaS companies, can compete from below against both. The product surface now includes AutoFix, AI and dev tooling integrations, code quality, and the Zen runtime firewall [Aikido Docs], plus a recently announced endpoint protection product aimed at developer machines as software supply chain attacks intensify [KnowledgeNile].
Pricing is the unusual part. Most enterprise AppSec vendors quote on call. Aikido publishes seat-based tiers and offers a free plan [Aikido Security Pricing]. That is a deliberate funnel choice: the company reported more than 1,000 installs within its first year [Tech.eu, Nov 2023], and the bottom-up motion is what justifies the venture math.
Why it could be big
The market backdrop is favorable. Enterprises are actively cutting line items from the AppSec portion of their security budgets and consolidating onto fewer platforms, and adjacent categories like Penetration Testing as a Service are projected to reach $1.98 billion by 2031 [PRNewswire]. DST Global, which has historically written checks into category-defining infrastructure companies, leading the Series B is a meaningful signal about where the firm sees consolidation heading [Reuters, Jan 2026]. Notion Capital, Connect Ventures, Inovia Capital, and PSG Equity round out a cap table that mixes European early-stage discipline with later-stage growth firepower.
The revenue profile is consistent with that bet. Aikido was reported at roughly $13 million in revenue with a 118 person team earlier in its growth [GetLatka], and headcount has since climbed to 164 [BankInfoSecurity] and, by one more recent count from an employee post, around 210 globally [LinkedIn]. The Series B is earmarked partly for scaling the autonomous AI pen testing capability [BankInfoSecurity], a feature category where the gap between marketing claims and field results is currently wide and where a credible product would meaningfully expand wallet share.
The team and traction
The founding group is unusual in that it includes six co-founders, several of whom previously worked together in the Belgian SaaS ecosystem. Willem Delbare was a co-founder and CTO at Teamleader, a well-known Ghent SaaS exit, and that operator background shows up in the product's sensitivity to developer workflow. The customer roster spans US healthcare (Zus Health, Oliva Health), security training (Secure Code Warrior), and developer tooling (n8n), which suggests the wedge is not concentrated in a single vertical [Tech.eu; Aikido Security].
What bears say, what bulls answer
The sharpest concern is competitive: Wiz is the gravitational center of cloud security spending, Snyk owns deep mindshare in developer-first code scanning, and Semgrep has a passionate following in static analysis. Any one of them can extend into Aikido's footprint, and several are trying. The bull answer, supported by the public customer stories, is that Aikido's wedge is not a single scanner but the absence of dashboard sprawl plus pricing a 50-engineer company can actually approve without a procurement cycle [Aikido Security Pricing]. Consolidation plays usually win on packaging and price discipline more than on raw detection quality, and Aikido has been shipping on both axes.
What to watch
The next twelve months will turn on three things: whether the autonomous pen testing product lands as a genuine replacement for human-led engagements rather than a complement, whether enterprise ACVs grow fast enough to justify the unicorn mark, and whether Aikido can land flagship customers in the US to match its European base. A US sales build-out is implied by the open Talent Acquisition Partner role on the careers site. Expect a product expansion event in the first half, and watch for customer announcements above the current SMB and mid-market profile.
Technical breakdown
The platform stitches together what would otherwise be 8 to 12 separate scanners: SAST, SCA, secrets detection, IaC scanning, container image scanning, CSPM, DAST, malware detection in dependencies, license scanning, plus runtime protection via Zen and now autonomous pen testing. The differentiator the company emphasizes is reachability analysis, which downranks vulnerabilities in code paths that are not actually invoked at runtime. AutoFix sits on top, generating PRs against findings the system has high confidence in. The Zen firewall is in-app, meaning it ships as a library inside the protected service rather than as a sidecar or proxy, which keeps latency overhead low but means coverage depends on language support.
What could go wrong at scale
The honest risk is operational, not strategic. Unified platforms sell on the promise that one vendor can do twelve jobs at parity with twelve specialists. That promise tends to fray at the high end of the enterprise market, where security teams want depth in specific modules (SAST rule coverage, cloud misconfiguration breadth, container runtime detection fidelity) and will tolerate dashboard sprawl to get it. If Aikido's depth in any one module slips meaningfully behind the category leader, large accounts may unbundle. The autonomous pen testing bet carries its own execution risk: if the AI-driven product produces false positives at enterprise volumes, it could erode the noise-reduction story that anchors the brand. The unicorn valuation now sets a bar that requires the company to clear both hurdles at once.