The latest Application Security Market report by Latio Tech (James Berthoty) is out, and we’re proud to share that Aikido Security has been recognized as:
- Application Security Platform Leader
- Application Security Supply Chain Innovator
- Application Security AI Pentesting Innovator
.png)
Why Aikido Security was recognized
Application Security Platform Leader
Aikido's focus hasn't been on merely consolidating tools, it's been on building a system that shares context across code, runtime and cloud, with the addition of malware detection and AI penetration testing, effectively extending the definition of modern AppSec. Findings map directly to standards such as ISO 27001, SOC2, OWASP Top 10, NIS2, with automated GRC integrations and audit-ready AI pentest reports.
From a technical perspective, Latio Tech highlights how the platform combines reachability analysis, flexible SAST customization, and a robust AutoFix architecture with runtime and organizational context. Instead of overwhelming teams with raw findings, the platform applies EPSS, AI-based prioritization, and real exploitability signals to reduce false positives.
Application Security Supply Chain Innovator
Aikido has always prioritized open-source supply chain attacks as a key part of overall software security. As Latio highlights, our open-source malware research and proactive prevention capabilities are central to that leadership.
Over the past year, our team was among the first to publicly identify and surface multiple major supply chain campaigns, including Shai-Hulud’s credential-stealing malware, S1ngularity’s dependency confusion attacks, the large-scale npm malware outbreak in September 2025, and incidents such as the React-Native-Aria trojan. To protect organizations from attacks like this, we've developed Safe Chain, an open-source and free capability that blocks malicious packages before they're installed. Its powered by Aikido Intel, which monitors millions of OSS packages, alerting users to hidden supply-chain threats so you can keep your install process safe and avoid broken build pipelines.
Application Security AI Pentesting Innovator
AI pentesting is the most desired emerging AI capability for practitioners, according to Latio Tech’s research. Aikido is leading on innovation here: we deploy up to 200 AI agents to effectively find more issues than a human pentest, including more critical and high-severity issues. All while ensuring the most stringent safety guardrails are adhered to.
In one recent example, Cope, a Swedish digital finance and operations consultancy, had completed a 120-hour manual pentest, with zero findings reported. After ~2 hours, Aikido’s AI Pentest, found multiple high-severity and low severity issues. This is even with Aikido’s narrowest coverage of just 20 attacker agents.
You can even monitor the agents in real time:
AppSec is undergoing a structural shift
We’re honored by the recognition. But more importantly, the report confirms something we’ve believed for years: application security is undergoing a structural shift.
Here’s what stood out to us, and why it matters:
Application security has become a platform capability
AppSec isn’t about a collection of tools, it’s about having a platform capability. There has been a clear focus on trying to improve developer experience by providing a platform that encourages developer adoption and ease of use. Aikido’s 2026 State of AI & Security report found that those platforms that were catered toward both security and developer audiences encountered fewer security incidents.
Being recognized as an Application Security Platform Leader reinforces what we see in the market every day: security only works when developers actually adopt it. Latio notes that Aikido has evolved from a number of tools into a true platform with leading capabilities across SAST customization, open-source malware research, and AI pentesting.
Tools should be evaluated based on actual backlog reduction rather than number of issues detected
Time and time again, organizations ask “why does X have more findings than Aikido”? The reason is because Aikido has already analyzed the findings, and understood which findings are actually issues that need to be looked at. Latio Tech specifically highlights our reachability analysis, customizable SAST engine, and robust AutoFix architecture, which help to reduce alerts and speed up remediation. Latio Tech specifically highlighted Aikido’s strength here, ensuring teams can prioritize based on what’s actually exploitable, not just what’s theoretically vulnerable.
Securing AI-generated code is still an open-market with unclear best practices
We found that one in five organizations had suffered a security incident stemming from AI-generated code. And yet, organizations are still working out how best to balance productivity with security.
Latio highlights our leadership in emerging categories such as AI penetration testing and AI code quality analysis, which help to restore that balance. AI pentesting simulates real attacker behavior across APIs, authentication flows and integrations, validating exploitability and generating clear remediation guidance. The on-demand or continuous function of AI pentesting means testing can keep pace with the speed of development. Meanwhile AI code quality analysis can identify unsafe patterns, framework misuse, and structural weaknesses early, ensuring all code (including AI-generated code) meets consistent standards and prevents insecure or fragile patterns from appearing in the codebase.
Supply chain security is expanding beyond CVE detection alone
Over the past year, open-source supply chain attacks have become both more frequent and more consequential, particularly across the npm ecosystem.
And yet most organizations still think in terms of “known vulnerabilities”. But often the most dangerous attacks never receive a CVE.
Latio recognizing Aikido as an Application Security Supply Chain validates Aikido Intel’s work on flagging new vulnerabilities across open-source packages, before appearing in any public database, including those with no CVE assigned. We believe prevention must happen at install time, and that’s why we’ve released Safe Chain, a free and open-source package protector.
What this all means for the future of AppSec
Latio Tech’s report is a snapshot of what AppSec looks like now: platforms rather than fragmented tools, value from backlog reduction rather than volume of findings, and supply chain defense shifting left.
But these trends point to something bigger: AppSec isn’t just moving toward better dashboards and more context. With the introduction of AI-generated code, developers need the assistance of AI to help find and fix vulnerabilities. AppSec ismoving to systems that continuously test for vulnerabilities and automatically fix confirmed issues without any human intervention.
In other words: self-securing software. This is what Aikido Security is focused on.
