At a glance
- Consolidated AppSec across global business units on one platform
- Doubled the patch rate from 20 percent to 41 percent within the first year
- Self-served the initial sign-up at aikido.dev with no procurement friction
- Brought container scanning into the same view as code-level findings
- Checked newly disclosed CVEs against the codebase
- Gave developers an IDE plugin to fix issues in place without opening a ticket
Challenge
A global engineering footprint with regional habits
Believe is a global digital music company operating across France, New York and Japan. Yolanda Amorim leads application security from inside that distributed engineering organisation. Each region had its own way of doing things and its own tool choices, and the result was uneven AppSec coverage across what was meant to be a single product.
Yolanda needed one platform that all the regional teams could use without retraining, one consistent view for security leadership, and a feedback loop that developers would actually engage with rather than route around.
Believe didn’t need a sales-led evaluation. It needed to try the platform and prove the value internally.
“We wanted to consolidate on a tool that would work across our global teams. The self-serve option at aikido.dev meant we could just start, without going through a long procurement process.”
Solution
Yolanda’s team brought every regional unit onto Aikido on the same configuration and the same workflow. SAST, SCA and container scanning sat in a single view.
The most visible operational outcome was the patch rate. Before Aikido, Believe was patching around 20 percent of identified findings. After consolidation and the introduction of AutoFix and the IDE plugin, that figure roughly doubled.
“Our patch rate jumped from 20 percent to 41 percent after switching. It’s the difference between security being a backlog item and security being a real engineering metric.”
When a new CVE was disclosed, Yolanda’s team could check whether it affected them and secure the packages going into the release in progress.
“Last week a developer came to me really impressed. A new CVE had come out, and we saved all the packages for that release.”
Why Believe chose Aikido
Believe weighed Aikido against keeping the regional patchwork and against several incumbent vendors. The decision came down to a small set of factors.
- One platform that covers code and containers
- Self-serve onboarding at aikido.dev without procurement friction
- Coverage of the multiple languages and frameworks used across global teams
- An IDE plugin that lets developers fix issues in place
- A responsive vendor when newly disclosed CVEs need rapid validation
Results
Aikido changed the dynamic from "the security team is asking me to fix this" to "this is part of shipping the change." Yolanda’s team also runs targeted training for security champions, focused on the issues each team hits most.
For the first time, security leadership at Believe can compare posture across France, New York and Japan on the same data and the same definitions.
Pulling container scanning into Aikido alongside code-level findings closed a long-standing gap. Findings no longer split between two consoles and two prioritisation models.
How Believe is expanding its use of Aikido
Already using
- SAST and SCA scanning
- Container scanning
- AI AutoFix
- IDE plugin for in-editor fixes
- AI pentesting
Planning to adopt
- Expanded DAST coverage
Evaluating next
- Aikido Zen Firewall
Final verdict
“Aikido is a game changer for me. One tool, covering multiple companies, and we raised our security level faster than I expected.”
