Aikido Infinite and the Rise of Self-Securing Software | The Neuron

The End of Static Security: Aikido Security and the Dawn of Self-Securing Software

In an era where AI-powered hackers move at machine speed, traditional security can’t keep up. Aikido Security Cofounder Roeland Delrue explains how their new "Aikido Infinite" platform closes the "patch gap" by transforming security from a static audit into a continuous, autonomous loop of discovery and remediation.

Written By
Corey Noles
Feb 24, 2026

The traditional cybersecurity model is broken, or, at the very least, dangerously out of sync with the speed of modern DevOps. For years, the industry has relied on "point-in-time" assessments: snapshots of security that are often obsolete by the time the PDF report hits a CISO’s inbox. Today, Aikido Security is moving to close that gap permanently with the launch of the industry's first self-securing software, Aikido Infinite.

In a recent discussion with The Neuron, Roeland Delrue, Cofounder of Aikido Security, outlined a vision that goes beyond mere scanning. He describes a future where autonomous AI agents find vulnerabilities and fix them in a continuous, infinite loop.

Closing the "Patch Gap" with Aikido Infinite

The core problem with traditional penetration testing is latency. In a world where software is updated daily, a yearly or quarterly audit is an eternity.

"By the time they’re done writing the report, you’ve already done a new release," Delrue said. This creates a persistent "patch gap" where vulnerabilities exist in production for weeks or months simply because the security cycle can’t keep pace with the deployment cycle.

Aikido Infinite addresses this by embedding AI-driven penetration testing directly into the software development lifecycle (SDLC). Every code change triggers a sequence in which AI agents map the attack surface, identifying undocumented endpoints and exposed credentials, and then validate exploitability.

"Aikido Infinite is evolving into orchestrating agents that are continuously penetrating and remediating at the same time."

Gif showing the Aikido Infinite dashboard monitoring real-time agents running pentests.


Fighting Fire with Fire: The LLM Arms Race

The urgency for autonomous defense is driven by the fact that threat actors are already leveraging Large Language Models (LLMs) to automate their attacks. In Delrue’s view, manual defense is no longer a viable strategy against AI-powered offense. To protect modern infrastructure, the "blue team" must match the speed of the "red team."

"The only way to keep up with hackers with LLMs is to use LLMs yourself to build up your defenses as fast as possible," he said.

However, building a "self-securing" system isn't as simple as connecting an LLM to a codebase. Delrue highlights the "20/80 rule": while 20% of the effort can fix 80% of common issues like SQL injections or path traversals, the remaining 20% of vulnerabilities exist in a "long tail" of complex edge cases.

To tackle this, Aikido employs full-time bug bounty hunters who creatively find new hacks, which are then used to train and benchmark the agents. This rigorous manual work behind the scenes allows the AI to handle the "long tail" of weird combinations, such as legacy PHP backends paired with modern Vue frontends. The result is an offensive capability that Delrue notes is now outperforming human testers in 90% of cases by identifying more critical issues faster.

The Human-in-the-Loop and Compliance Realities

Despite the autonomous capabilities of Aikido Infinite, the "self-securing" role still respects the boundaries of enterprise control. Currently, international standards and regulations like ISO 27001, SOC2, and HIPAA mandate human validation before code can be merged into production.

"Nobody has really asked us to like... give all the keys to the kingdom to you and just you merge the PRs," said Delrue. "That’s giving too much control to a third-party vendor."

Instead, Aikido Infinite functions as an "orchestrator." It prepares a verified, tested Pull Request (PR) for a developer to review. This ensures the fix is accurate and doesn't break functionality, maintaining the developer's role as the final gatekeeper while removing the grueling manual labor of security triage.

A group photo of the team at Aikido Security including Felix Willem and Roeland Delrue.


Beyond Security: The Vision for Self-Maintaining Code

For Delrue and the team at Aikido, security is just the first step. By acquiring Trag, an LLM-first code quality company, last summer, Aikido has signaled that its vision extends to the very health of the codebase.

"The ultimate end vision for this company could even be to have self-maintaining software."

A security vulnerability, Delrue argues, is essentially a maintenance issue. Whether it is a performance bug or a SQL injection, it represents code that isn't performing as intended. By closing the loop between finding a flaw and generating a fix, Aikido is moving toward a world where software does more than simply run: it heals.

Corey Noles

Corey Noles is the Host of The Neuron: AI Explained podcast and Managing Editor of AI and Experimental Content at TechnologyAdvice, where he leads the charge in testing and refining emerging content strategies across the company's portfolio.
