With growing adoption across enterprise, open source, and commercial platforms, Root is making agentic vulnerability remediation a reality.

Root, the company behind the Agentic Vulnerability Remediation (AVR) platform, which instantly and safely eliminates vulnerabilities in open-source software and container images, today announced expanded adoption and a new strategic integration across the open-source, commercial, and enterprise security landscape.

The AVR platform turns any container image into a more secure, low-vulnerability version, without requiring teams to switch to pre-built images, proprietary operating systems, or new workflows. By integrating directly with the tools teams already use and supporting operating systems a majority of teams have already built on, Root enables in-place remediation with a single automated step, eliminating the need for costly migrations or manual triage. As CVE volumes rise, compliance pressures mount, and budgets tighten, Root helps security teams move faster – turning remediation from a bottleneck into a built-in advantage.

"For too long, fixing vulnerabilities meant pushing work onto developers – rebasing, rewriting, or chasing CVEs," said Ian Riopel, co-founder and CEO of Root. "Root eliminates that burden. Our platform works with any image within our supported architecture, enabling teams to keep their workflow while we fix their problems – security without the shift. That means teams aren't shifting left or having to lift and shift their containers to a new OS. We automate remediation safely and instantly, with no rewrites and no regressions."

Root supports infinite image variants versus competitors' limited catalogs, working with any image within supported architectures, including Alpine, Debian, and Ubuntu variants. This approach transforms vulnerability remediation from months to minutes without forcing ecosystem changes.

Root is also partnering with Aikido Security to deliver pre-remediated base images – hardened, drop-in replacements tailored to Debian, Ubuntu, Rocky, and Alpine variants commonly used by Aikido's customers. These images are offered as one-click, auto-fix upgrades within the Aikido platform, allowing teams to eliminate vulnerabilities without modifying container configurations or code.

"Launching our Autofix feature in collaboration with Root is a no-brainer for us," said Willem Delbare, Aikido's co-founder and CTO. "Now, lean security teams and startups can fix base image vulnerabilities as part of their everyday workflows."

In enterprise environments, Root is already proving its value. BigID used Root to eliminate over 1,000 vulnerabilities – including 300+ high and critical CVEs – across six production images in two weeks, without migrating away from its Debian and Ubuntu-based stacks. SixWorks, an IBM company, cut remediation time by 99.9% and avoided more than $300,000 in projected rebasing costs. DeleteMe, operating under strict privacy regulations, leveraged Root to achieve FedRAMP-level security standards while maintaining zero downtime during compliance transitions, eliminating over 300 critical vulnerabilities in a single day.

"Security teams have been conditioned to triage rather than remediate – because scalable, safe remediation wasn't available," said John Amaral, Root's co-founder and CTO. "Root makes real remediation the default."

As adoption accelerates, Root is laying the groundwork for remediation-first security – not just for individual teams, but across the software supply chain. By shifting the industry from alerts to actual fixes, Root is closing the remediation gap at scale.

About Root

Root pioneers Agentic Vulnerability Remediation (AVR), fixing container vulnerabilities in seconds instead of sprints. Our platform patches any image in any registry without rebuilding or disrupting workflows. Keep your workflow, fix your problems - security without the shift.

Learn more at root.io

View source version on businesswire.com: https://www.businesswire.com/news/home/20250717523306/en/