Aikido Security becomes a unicorn by putting developers at the centre of application security
Aikido Security Co-Founder, CEO and CTO, Willem Delbare (photo: Aikido)
For much of the past decade, application security has been something developers worked around rather than with. Security tooling was often introduced late in the development process, owned by separate teams, and experienced as friction—alerts detached from daily workflows, dashboards built for audits rather than engineers, and findings that slowed releases without clearly improving outcomes.
That model is increasingly under pressure. And Aikido Security’s latest funding round suggests how parts of the market are responding.
The Belgian startup has raised $60 million in Series B funding, reaching a $1 billion valuation three years after its founding. The round was led by DST Global, with participation from PSG Equity and existing investors Notion Capital and Singular, according to the company and reporting by Reuters. Aikido said its revenue grew five-fold over the past year, its customer base nearly tripled, and around half of its revenue now comes from the United States.
Beyond the headline numbers, the round highlights a shift in how application security is being packaged, sold, and used—particularly in comparison with more established approaches in the AppSec and DevSecOps landscape.
A different entry point into application security
Founded in 2022, Aikido Security set out to build a unified application security platform spanning code, cloud, and runtime security. That positioning matters in a market traditionally divided into specialist categories: static code analysis tools, dependency scanners, cloud posture management platforms, and runtime monitoring solutions.
Many established cybersecurity vendors still operate within those boundaries, offering depth in a single domain and relying on integrations—or additional tooling—to cover the rest. Aikido’s stated approach is different: rather than asking teams to assemble and manage a security stack, it aims to provide a single system that surfaces risks across the software lifecycle.
This does not place Aikido outside the application security category. Instead, it situates the company alongside a newer group of vendors attempting to reduce tool sprawl by collapsing multiple functions into a unified developer-facing layer.
Designed for developers, not retrofitted for them
One of the clearest points of distinction between Aikido and many traditional AppSec platforms is who the product is designed for.
“The product is really meant for people who write software,” CEO Willem Delbare told Reuters. In much of the legacy application security market, developers are downstream users—expected to respond to findings generated by tools configured and operated by security specialists. That structure has often led to slow remediation cycles and low engagement.
Aikido’s messaging places it closer to the developer-tooling end of the security spectrum. Rather than focusing on reporting, compliance, or policy enforcement, it emphasises integration into engineering workflows and automatic risk identification that developers can act on directly.
This contrasts with compliance-led security platforms that are primarily evaluated by CISOs and risk teams. It also differentiates Aikido from penetration-testing services and manual audit tools, which remain episodic by design.
Customers publicly named by Aikido—Niantic, Revolut, and SoundCloud—are organisations where engineering velocity is central and where security tooling that interrupts workflows is unlikely to be adopted at scale.
Where Aikido sits in a crowded DevSecOps market
The DevSecOps landscape has expanded rapidly, particularly as cloud-native development has become the default. Many vendors compete by specialising: some focus on securing infrastructure configurations, others on scanning open-source dependencies, and others on runtime threat detection.
Aikido’s stated positioning cuts across those boundaries. By explicitly covering code, cloud, and runtime security, the company places itself among vendors attempting to act as a connective layer rather than a point solution.
Importantly, Aikido does not position itself as:
-
a pure cloud security posture management (CSPM) vendor,
-
a standalone SAST or SCA tool,
-
or a security operations platform.
Nor does it claim to replace security teams or eliminate the need for specialist oversight. Its differentiation lies in consolidation and usability, not in redefining the scope of cybersecurity itself.
AI accelerates development—and magnifies existing gaps
Aikido’s growth comes at a moment when software development itself is changing. As Reuters reported, AI is already having a material impact on how software is written, with developers increasingly using AI tools to generate and modify code.
That shift does not create entirely new security problems, but it intensifies existing ones. More frequent code changes and more dependencies increase the volume of risks that security tools must surface and prioritise.
In this context, Aikido’s approach aligns with a broader trend among newer AppSec vendors: designing for scale and speed rather than periodic inspection. DST Global’s Tom Stafford, commenting on the investment, described AI as reinforcing the need for security approaches that can operate continuously within development workflows.
Crucially, Aikido does not market itself as an AI security company. Unlike vendors focused on securing machine learning models or AI systems themselves, Aikido frames AI as a force multiplier for software development—one that increases the demand for automated, integrated application security.
Scaling globally from a European base
Despite being headquartered in Belgium, Aikido reports that approximately 50% of its revenue comes from the United States. This mirrors the trajectory of many European cybersecurity startups that build locally but scale commercially in the US, where enterprise security budgets and developer adoption cycles are typically larger.
Before the Series B, Aikido had raised $24 million, enabling it to establish its product and customer base. The latest round moves the company into a phase where execution, platform reliability, and sustained growth become as important as differentiation.
DST Global’s involvement places Aikido among a group of security companies expected to operate at global scale, while continued backing from Notion Capital and Singular reflects sustained confidence from European investors familiar with earlier-stage execution.
What the funding is intended to support
In its Series B announcement, Aikido said the funding will be used to further develop its unified security platform across code, cloud, and runtime environments. The company has also referenced a longer-term ambition around “self-securing software”, which it describes in terms of continuous and automated protection.
Notably, Aikido’s public statements avoid claims that security can be fully automated or removed from human oversight. Instead, the emphasis remains on improving integration, reducing manual effort, and enabling faster remediation within existing development processes.
A signal, not a conclusion
Aikido’s $1 billion valuation does not settle debates about how application security should be structured. But it does signal where investment and attention are currently flowing.
In a market long dominated by specialised tools and compliance-driven buying, Aikido’s rise reflects growing demand for security that aligns with how software is actually built today. Its comparison to peers is less about head-to-head competition and more about a shift in entry point: from security as a control function to security as an integrated part of development.
Whether that model becomes dominant remains an open question. What is clear is that the assumptions underpinning application security are changing—and Aikido’s funding round captures that moment.
If you value independent explainers on AI and deep tech, you can support our work via our page on Buy Me a Coffee. It helps keep MoveTheNeedle.news focused on depth, not clicks.