The traditional cybersecurity model is broken, or, at the very least, dangerously out of sync with the speed of modern DevOps. For years, the industry has relied on "point-in-time" assessments: snapshots of security that are often obsolete by the time the PDF report hits a CISO’s inbox. Today, Aikido Security is moving to close that gap permanently with the launch of the industry's first self-securing software, Aikido Infinite.
In a recent discussion with The Neuron, Roeland Delrue, Cofounder of Aikido Security, outlined a vision that goes beyond mere scanning. He describes a future where autonomous AI agents find vulnerabilities and fix them in a continuous, infinite loop.
Closing the "Patch Gap" with Aikido Infinite
The core problem with traditional penetration testing is latency. In a world where software is updated daily, a yearly or quarterly audit is an eternity.
"By the time they’re done writing the report, you’ve already done a new release," Delrue said. This creates a persistent "patch gap" where vulnerabilities exist in production for weeks or months simply because the security cycle can’t keep pace with the deployment cycle.
Aikido Infinite addresses this by embedding AI-driven penetration testing directly into the software development lifecycle (SDLC). Every code change triggers a sequence where AI agents map the attack surface, identifying undocumented endpoints and exposed credentials, to validate exploitability.
"Aikido Infinite is evolving into orchestrating agents that are continuously penetrating and remediating at the same time."

Fighting Fire with Fire: The LLM Arms Race
The urgency for autonomous defense is driven by the fact that threat actors are already leveraging Large Language Models (LLMs) to automate their attacks. In Delrue’s view, manual defense is no longer a viable strategy against AI-powered offense. To protect modern infrastructure, the "blue team" must match the speed of the "red team."
"The only way to keep up with hackers with LLMs is to use LLMs yourself to build up your defenses as fast as possible," he said.
However, building a "self-securing" system isn't as simple as connecting an LLM to a codebase. Delrue highlights the "20/80 rule": while 20% of the effort can fix 80% of common issues like SQL injections or path traversals, the remaining 20% of vulnerabilities exist in a "long tail" of complex edge cases.
To tackle this, Aikido employs full-time bug bounty hunters who creatively find new hacks, which are then used to train and benchmark the agents. This rigorous manual work behind the scenes allows the AI to handle the "long tail" of weird combinations, such as legacy PHP backends paired with modern Vue frontends. The result is an offensive capability that Delrue notes is now outperforming human testers in 90% of cases by identifying more critical issues faster.
The Human-in-the-Loop and Compliance Realities
Despite the autonomous capabilities of Aikido Infinite, the "self-securing" role still respects the boundaries of enterprise control. Currently, international standards and regulations like ISO 27001, SOC2, and HIPAA mandate human validation before code can be merged into production.
"Nobody has really asked us to like... give all the keys to the kingdom to you and just you merge the PRs," said Delrue. "That’s giving too much control to a third-party vendor."
Instead, Aikido Infinite functions as an "orchestrator." It prepares a verified, tested Pull Request (PR) that is ready for a developer to review. This ensures the fix is accurate and doesn't break functionality, maintaining the developer's role as the final gatekeeper while removing the grueling manual labor of security triage.
Beyond Security: The Vision for Self-Maintaining Code
For Delrue and the team at Aikido, security is just the first step. By acquiring Trag, an LLM-first code quality company, last summer, Aikido has signaled that its vision extends to the very health of the codebase.
"The ultimate end vision for this company could even be to have self-maintaining software."
A security vulnerability, Delrue argues, is essentially a maintenance issue. Whether it is a performance bug or a SQL injection, it represents code that isn't performing as intended. By closing the loop between finding a flaw and generating a fix, Aikido is moving toward a world where software does more than simply run: it heals.