Modena360 Blog


AI That Patches Open-Source Flaws Before Attackers Strike

Open source code sits inside almost every application your business touches — your accounting system, your website, the apps your team logs into every day. In June 2026 the security company Aikido acquired a startup called Root, in a deal reported at around US$70 million, and folded its technology into a new product called Aikido Libraries. What makes the deal worth your attention is how Root works: it uses AI agents to research, write, test and ship patches for known open-source vulnerabilities, and it applies the fix to the version you are already running — no forced upgrade, no migration, no broken application.

That matters because patching open source has long been a bad choice between two options: upgrade to a newer version and risk breaking software that currently works, or leave the hole open. The result is that flaws sit unpatched for years: Log4Shell, the critical Log4j bug from 2021, is still present in millions of systems today. Aikido says almost a third of known vulnerabilities are now exploited on or before the day they are disclosed, and it has committed to backporting fixes for critical, actively exploited open-source flaws to the community for free. The headline is a corporate acquisition, but the real story is the friction underneath it: keeping the code you depend on patched is genuinely hard, and attackers know it.

Why This Matters for Your Business

  1. Most of your software is other people's code. Modern applications are assembled from open-source building blocks. A vulnerability in one of those blocks is a vulnerability in your business, even if you never wrote a line of it.
  2. Patching is a real dilemma, not laziness. Updating a component can break the very system your staff rely on, so fixes get delayed. That delay is exactly the gap attackers walk through.
  3. The window to act has collapsed. When a third of flaws are exploited on the day they become public, "we will get to it next maintenance window" is no longer a safe plan.
  4. AI helps both sides. The same automation that lets defenders ship patches in minutes lets attackers find and exploit weaknesses faster and cheaper. Standing still means falling behind.

What Every Business Should Do Now

  • Know what you are running. You cannot patch what you cannot see. Keep an up-to-date inventory of the software and components in your environment.
  • Prioritise what is actually being exploited. Not every flaw is urgent. Focus first on vulnerabilities that are known to be under active attack.
  • Test before you deploy. Apply patches in a way that does not break production — check updates against your real systems before rolling them out.
  • Keep restorable backups. If a patch or an attack goes wrong, a clean, tested backup is the difference between an inconvenience and a disaster.
  • Stop treating "later" as a strategy. Put a defined, repeatable process around updates instead of leaving them to whoever has spare time.

How a Managed Service Provider (MSP) Helps

  • Managed Services. We keep an inventory of what you run and handle patching on a schedule, so known flaws get closed before they are exploited.
  • Security & SOC. We monitor your environment for the signs of an attempted exploit and respond when something looks wrong, day or night.
  • Backups & disaster recovery. We maintain tested backups so that if an update or an incident causes damage, you can get back to work quickly.
  • Compliance Management. We help you show regulators, insurers and customers that your systems are kept current and your risks are managed.
  • Consulting. We help you decide which risks matter most for your business and build a practical plan to address them.
  • AI adoption. We help you use new AI-driven security tooling sensibly — getting the upside without handing your environment to something you do not understand.

You do not need to become an expert in open-source supply chains to be protected from them. What you need is visibility into what you run, a reliable process for keeping it patched, and someone watching when something slips through. That is the friction Modena360 exists to remove — so you can get on with the work your business is actually here to do.


Do you actually know what is unpatched in your business right now?

If the answer is not a confident yes, let's fix that before someone else finds out for you.

Talk to Modena360