估值 01
1000 USD M 尽调报告
Aikido Security
开发者优先的代码到云安全平台,估值站上 $1B
Aikido Security 是一家可信的开发者优先安全平台,增长和产品广度都强,但 $1B 估值走在了留存公开经营证据可支撑范围之前。
封面要素
累计融资 02
85 USD M 最新轮次 03
$60M Series B 成立时间 04
2022 入门价格 05
Free; paid tiers from $350 / $700 / $1,050 per month 客户规模信号 06
100,000+ teams 员工数信号 07
164-200+ 估值信号 08
Stretched on public evidence 公司概况
Aikido Security 是一家创立于 Ghent 的开发者安全平台,围绕统一的代码到云工作流构建。产品覆盖 SAST、 SCA、secrets、IaC、容器、云、API、运行时、报告,以及 Aikido Infinite 等较新的自主渗透测试流程。 公司靠免费增值和透明定价获客,再通过企业功能、合作伙伴渠道、合规驱动工作流和 AI 渗透测试扩张。 公开客户证据在软件驱动团队和组合式铺开中最强;公开财务证据更多证明融资和增长方向,而不是经审计的经营质量。
- 成立时间
- 2022-09-01
- 创始人
- Willem Delbare, Roeland Delrue, Felix Garriau
- 创立地点
- Ghent, Belgium
- 总部
- Ghent, Belgium / London, United Kingdom
- 产品
- Aikido 提供统一软件安全平台,覆盖代码、云、运行时、合规证据生成和 AI 渗透测试。关键公开资产包括透明 SaaS 定价、本地扫描器和本地部署选项、通过 Zen 提供的运行时保护、通过 Safe Chain 和 Opengrep 提供的供应链保护, 以及 Aikido Infinite 连续渗透测试流程。
- 客户
- 主要可见契合点在云原生软件公司、成长型公司、企业平台团队、有审计压力的金融科技买家、代理商 / MSP, 以及需要把低噪声安全嵌入日常工程流程、覆盖大量代码仓库或开发者的组合式铺开。
- 商业模式
- 免费增值和自助式 SaaS,公开 Basic、Pro、Advanced 标价;随后通过支持、培训、多租户管理、本地部署、 合作伙伴转售 / MSP 渠道动作,以及 AI 渗透测试或验证相邻变现来扩张企业收入。
- 阶段
- Late-stage private; Series B in January 2026 at $1B valuation
- 融资情况
- 已披露总融资约 $85 million,横跨种子轮、Series A、Series B 以及更早的可转债融资信号。 最新 $60 million Series B 由 DST Global 领投,PSG Equity 和既有投资者参投。
执行摘要
主要优势
- 开发者优先的一体化平台,覆盖代码、云、运行时、合规和 AI 渗透测试,产品面确有广度
- 定价透明、上手快,支撑低摩擦落地和扩张
- 公开资本支持扎实:$60M Series B,累计披露融资约 $85M
- 客户证据显示部署面大、噪音减少可量化,并已接入工作流
- 开源和开发者信号资产增强技术可信度,不只靠营销页背书
主要风险
- 公开估值更多依赖增长观感和薄弱 ARR 验证,尚缺经审计经营质量支撑
- 合并收入、毛利率、NRR、烧钱速度和现金跑道,在留存公开证据中仍不可得
- 面向受监管大型企业和审计级合规的准备度看起来不错,但仍需一手尽调
- 评测中提到的包装和深度限制,可能拖慢高端市场扩张或压低定价权
- 实体层面备案显示 FY2025 前仍亏损,尚未证明可自筹资金实现盈利
未决问题
- 合并管理层财务报表和最新现金余额
- ARR 桥、收入确认政策、NRR/GRR 和客户集中度
- 实际企业定价、折扣和合作伙伴经济性
- 托管版与本地版功能一致性,以及更新 AI 渗透测试主张的基准证据
- Series B 后股权结构、清算优先权和晚期投资者下行保护
目录
01公司概况
1.1 身份定位、运营足迹与产品逻辑
Aikido Security 一直把自己定位成开发者优先的统一安全平台,把代码、云和运行时安全接到同一套工作流里。 官方关于页、定价页、媒体资料包、客户故事,以及 2026 年 1 月 Series B 公告都在强化这一身份。 公司的卖点不只是功能覆盖广,而是让开发者拿到更少但质量更高的安全任务,并把分诊、修复和合规证据生成嵌进日常工程工作。 定价页也说明这是一款 SaaS 产品:免费增值入口、自助接入,再向更广的平台治理、报告和企业服务付费扩张。 地理身份比通常的标题更需要谨慎处理。媒体资料包称 Aikido 创立于比利时 Ghent,外部报道也反复把它描述成一家总部在 Ghent 的比利时创业公司。 但官方关于页目前列出伦敦的英国总部和芝加哥的美国办公室,招聘页则称公司支持远程,以比利时为大本营,并在 Ghent、London、Chicago 和 San Francisco 招人。 更合理的综合判断是,Aikido 明确源自比利时,人才品牌仍以比利时为中心;但当前公开运营足迹已经跨国,确切法律总部结构无法从留存来源完全看清。 [CO001, CO003, CO004, CO005, CO006, CO007]
| 指标 | 数值 / 状态 | 日期 / 锚点 | 置信度 | 缺口 / 限制 |
|---|---|---|---|---|
| 成立 | 2022 | 历史资料 | 高 | 公开来源对月份的说法不如年份稳定。 |
| 起源地 | 比利时根特 | 2022 / 2026 引用 | 中 | 官方新闻资料包和媒体报道支持比利时起源,但各页面对当前总部的表述不一致。 |
| 当前公开布局 | 比利时大本营 + 伦敦 + 芝加哥 + 旧金山岗位 | 2026-05-22 | 中 | 当前法律实体和总部标注仍部分不透明。 |
| 核心平台范围 | 代码、云、运行时、AI 渗透测试 | 2026-05-22 | 高 | 这是公司自述范围,不是经过独立审计的产品地图。 |
| 价格入门档 | 免费计划;付费档每月从 $350 / $700 / $1,050 起 | 2026-05-22 | 高 | 企业定制服务没有在页面上完全拆项。 |
| 最近一轮融资 | $60M Series B 轮 | 2026-01-14 | 高 | 金额证据充分;详细条款未披露。 |
| 估值 | $1B | 2026-01-14 | 高 | 公开估值标题有披露;所有权稀释和优先权没有披露。 |
| 已披露累计融资 | ~$85M | 2026-05-22 | 中 | 合计取决于是否把早期可转债资金计为正式轮次。 |
| 公开客户规模 | 3,000 个组织 / 6,000 名开发者(2024);100,000+ 个团队(2026) | 2024-05 至 2026-05 | 中 | 分母不同,直接做时间序列比较风险很高。 |
| 具名客户 | 具名客户:Premier League、Revolut、SoundCloud、Niantic、Visma | 2024-2026 | 中 | 公开可见具名客户标识,但合同规模和部署深度未披露。 |
| 收入动能 | 2025 年增长 5x | 2026-01-14 | 中 | 没有公开经审计的 ARR 或收入基数。 |
| 员工数 | 公开区间为 130 至 200+ | 2026 来源 | 低 | 留存来源对当前员工数的说法有实质冲突。 |
混合了公司官方表述、转载新闻稿和独立新闻。公开规模信号方向上很强,但客户数和员工数在不同来源中使用的分母不一致。
[CO001, CO003, CO004, CO006, CO007, CO017]Aikido 如何把比利时创始根基、产品广度、工作流自动化、客户证明和新资本串成一套开发者优先的安全运营模型。
[CO003, CO004, CO006, CO007, CO008, CO009]1.2 创始人、领导层与治理可见度
作为一家这个阶段的欧洲私营网络安全公司,Aikido 的领导层可见度相当强,但治理可见度仍不完整。 当前官方招聘材料列出 Willem Delbare 为联合创始人兼 CEO/CTO,Roeland Delrue 为联合创始人兼 COO,Felix Garriau 为联合创始人兼 CMO。 同一页面还列出已故联合创始人兼首席增长官 Madeline Lawrence,以及 Thijs Janse、Louis Jonckheere 等商业负责人。 因此,谁在推动产品、运营、营销、增长和美国扩张,公开材料给出了清晰图谱。 创始人与市场的匹配,是公司概览里更有说服力的部分。公开访谈和融资报道反复把 Aikido 描述成一款由前运营者打造的产品, 他们曾被噪声大、割裂的开发者安全工具困扰。Delbare 过去的公司搭建经验,也解释了团队在产品包装和 GTM 执行上的速度。 但投资者需要把领导层可见度和治理披露分开看。留存公开材料列出了资本提供方和战略支持者,却没有给出干净的董事会名单、 委员会地图或独立董事结构。对一家估值已达 $1 billion 的公司来说,这是实质性尽调缺口,不是无关紧要的遗漏。 [CO010, CO011, CO012, CO013, CO044]
| 人物 | 当前公开职务 | 背景 / 职能覆盖 | 关键人物依赖 |
|---|---|---|---|
| Willem Delbare | 联合创始人 / CEO & CTO | 连续 SaaS 创业者,也是产品和融资叙事的主要公开发言人。 | 高——集产品愿景、技术可信度和对外叙事于一身。 |
| Roeland Delrue | 联合创始人 / COO | 偏运营的联合创始人,绑定规模化和执行纪律。 | 中——对运营很关键,但外部可见度低于 Delbare。 |
| Felix Garriau | 联合创始人 / CMO | 覆盖品牌、叙事和品类定位。 | 中——对需求生成和品类框定重要。 |
| Madeline Lawrence | 后加入联合创始人 / CGO | 官方公司内容中可见其增长和传播领导职责。 | 中——增长执行重要,但该头衔不常见,值得澄清。 |
| Thijs Janse | CRO | 覆盖企业销售和商业规模化。 | 中。 |
| Louis Jonckheere | 美国总经理 | 北美扩张和运营落地。 | 中。 |
这是基于公开信息的运营领导层视角,不是完整治理地图。公开留存来源没有披露完整董事会名单、委员会结构或独立董事。
[CO010, CO011, CO012, CO013]1.3 融资形成、牵引力与公开规模
Aikido 的融资轨迹压缩得不寻常。2023 年 11 月的公开种子轮报道描述了一笔由 Notion Capital 和 Connect Ventures 共同领投的 €5 million 融资; 公司和 TechCrunch 随后记录了 2024 年 5 月由 Singular 领投、Notion 和 Connect 继续支持的 $17 million Series A。 2026 年 1 月的 Series B 又加入 $60 million,由 DST Global 领投,PSG Equity 和既有投资者参投,并把公司定价到 $1 billion 估值。 官方关于页现在总结累计融资约 $85 million,而 BankInfoSecurity 报道四轮融资接近 $85 million,暗示正式种子轮前可能有规模更小的种子前轮或可转债融资。 牵引力信号很强,但需要谨慎归一化。Series A 叙事强调 3,000 家组织和 6,000 名开发者;到 2026 年 1 月,公司材料转向 100,000+ 个团队, 并列出 Premier League、Revolut、SoundCloud、Niantic 等公开客户。收入据称在 2025 年增长五倍,客户数增加逾三倍; 即便公司仍未披露 ARR、毛利率、留存或经审计收入,这一方向性表现也很亮眼。评论平台证据在易用性和广度上偏正面, 但样本仍小,机构投资者应把它当作支持信号,而不是持久企业级产品市场匹配的最终证明。 [CO014, CO015, CO016, CO017, CO018, CO019]
| 利益相关方 | 角色 | 控制权或经济重要性 | 尽调问题 |
|---|---|---|---|
| DST Global | Series B 轮领投方 | 2026 年 1 月融资的主要背书方,也是晋级独角兽的关键验证。 | 要求提供 Series B 文件中的持股比例、董事会权利和清算条款。 |
| PSG Equity | Series B 轮参与方 | 成长股权参与方,可能与销售落地和规模化纪律相关。 | 澄清 PSG 是否拥有董事席位、观察员权或特殊信息权。 |
| Singular.vc | Series A 轮领投方 / 持续投资者 | 早期机构支持者,很可能影响公司建设和后续支持。 | 确认 Series B 后的按比例跟投和当前董事会角色。 |
| Notion Capital | 种子轮 + Series A 轮 + Series B 轮支持方 | 多轮参与释放信心和连续性信号。 | 量化累计持股和任何预留按比例跟投权利。 |
| Connect Ventures | 种子轮 + Series A 轮支持方 | 早期资本和欧洲网络支持。 | 确认 Series B 后 Connect 是否仍积极参与治理事项。 |
| Inovia Capital Precede Fund I 基金 | 种子轮投资者 | 公司成立期的重要早期机构支持。 | 要求提供当前持股和任何剩余信息权。 |
| 天使 / 战略支持者 | 包括 Christina Cacioppo,以及后来的 Nik Storonsky 等 | 在纯资本之外增加品牌光环和运营者可信度。 | 区分股权结构表上的象征性名字和真正有治理影响力的投资者。 |
公开材料清楚列出融资参与方,但没有列出股权比例或正式控制权。本表因此强调利益相关方相关性,不是确定治理图。
[CO014, CO015, CO017, CO018, CO019, CO020]面向投资的记分卡,总结截至运行日的成熟度、增长质量、产品广度、治理透明度和披露可靠性。
综合公司官方说法、独立报道和评论平台数据。这是一张分析记分卡,不能替代原始 KPI 表或审计指标。
[CO012, CO017, CO018, CO022, CO024, CO026]1.4 里程碑、混合信号与未决问题
里程碑记录支持融资标题之外的真实动能。Aikido 于 2023 年 4 月公开发布,约六个月内从种子轮推进到 Series A, 2025 年 9 月收购 AI 原生渗透测试团队 Allseek 和 Haicker,并在 2026 年 2 月推出 Aikido Infinite, 定位为连续 AI 渗透测试和修复产品。公司显然正从广义开发者安全平台,演进成围绕自我安全软件和机器速度渗透测试的更强自主安全逻辑。 同一记录也暴露了后续章节的主要尽调注意点。公开员工数报道并不一致,2026 年 1 月和 5 月来源分别提到 130、164、180 和 200+ 名员工。 客户披露的分母也在组织、开发者和团队之间切换,直接横向比较任何一个数字都很危险。评论来源整体有利, 但反向点也重要:用户仍指出高级 API 和报告能力缺失、部分误报残留,以及低阶套餐存在功能缺口。最重要的是,治理结构、 经审计财务和当前精确客户账户数仍属私有。公司看起来增长快且可信,但还没有完全透明。 [CO026, CO028, CO029, CO030, CO034, CO035]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 | 含义 |
|---|---|---|---|---|---|
| 2022-09 | Aikido 启动,开始搭建开发者优先的安全平台 | 创立 | 公司成立 / 自筹启动 | Willem Delbare、Roeland Delrue、Felix Garriau 领衔的创始团队 | 确立比利时起源和创始人主导的产品逻辑。 |
| 2023-04 | 公开产品发布 | 产品 | 平台上线 | Aikido 团队 | 确定后续增长比较使用的商业起点。 |
| 2023-11 | 种子轮 | 融资 | €5M | Notion Capital、Connect Ventures、Inovia、天使投资人(包括 Christina Cacioppo) | 验证早期 SME / 开发者安全需求,并为销售落地扩张提供资金。 |
| 2024-05 | Series A 轮 | 融资 | $17M | Singular.vc,Notion Capital 和 Connect Ventures 参与 | 推动 Aikido 从种子期验证走向国际扩张。 |
| 2024-05 | 披露客户和开发者牵引力 | 规模 | 3,000+ 个组织 / 6,000+ 名开发者 | 公司通过新闻稿 / 博客 / 新闻披露 | 给出首个具体的公开使用基线。 |
| 2025-09 | 收购 Allseek 和 Haicker | 产品 | 加入 AI 原生渗透测试能力 | Aikido + 瑞士和比利时黑客团队 | 在下一轮融资前加速自主渗透测试逻辑。 |
| 2026-01-14 | Series B 轮及独角兽估值 | 融资 | 估值 $1B,融资 $60M | DST Global 领投;PSG、Singular、Notion 等参与 | 为更广泛的平台扩张奠定资本基础和品牌信号。 |
| 2026-01 | 披露 2025 年运营更新 | 规模 | 收入增长 5x;客户基数增长超过 3 倍 | 公司管理层 | 动能强,但仍未披露经审计收入。 |
| 2026-02-24 | Aikido Infinite 发布 | 产品 | 持续 AI 渗透测试 / 自我保护软件 | Aikido Security | 将平台从广泛检测延伸到自主测试和修复。 |
| 2026-05 | 当前官方简介强调 200+ 名员工和 100,000+ 个团队 | 规模 | 200+ 名员工 / 100,000+ 个团队 | 官方关于页面和新闻资料包 | 显示公司仍在对外扩张,但员工数精度仍有争议。 |
| 2026-05 | 公开评论平台出现功能缺口投诉 | 反向 | 评价混合但总体正面 | G2 和 Capterra 评论者 | 显示可用性强,但产品深度仍需补课。 |
这是第 1 章采用的记录时间线。它混合融资、产品、规模和一个反向评论信号,因为所审查期间没有公开留存的监管或法律负面事件。
[CO001, CO002, CO014, CO015, CO017, CO018]按时间线展示 Aikido 的成立、压缩融资路径、AI 渗透测试扩展,以及尽调仍需关注的主要公开疑点。
[CO001, CO002, CO003, CO004, CO014, CO015]02市场分析
2.1 市场边界、纳入支出与替代方案
Aikido 最有用的市场边界不是泛化的网络安全支出。Aikido 自己的产品页和用例页显示, 该平台横跨应用安全、软件供应链安全、云态势、运行时或攻击面覆盖,以及面向合规的证据生成。 这意味着公司的真实可服务市场大于纯 SAST 或 DAST 预算,但也没有覆盖大型企业可能花出的每一美元安全支出。 合适边界是代码到云的开发者安全:服务那些希望用一个系统减少工具数量、加快修复并做好审计准备的团队。 留存官方细分页也显示,Aikido 有意卖进多个买方环境:创业公司、企业团队、金融科技、代理商和伙伴主导渠道。 因此,替代方案包括独立 AppSec 工具、云安全工具、点状合规工具、手工或定期渗透测试、开源扫描器拼盘,以及 CI/CD 内部自建。 Aikido 的对比页直接把这一点说透,把 Snyk、GitHub Advanced Security、Orca、Veracode 和 Mend 框定为现状替代方案。 这对市场规模测算很关键:只看代码扫描,会低估 Aikido 想解决的问题;把所有云安全和 GRC 支出都纳入,又会高估。 [CM001, CM002, CM003, CM009, CM010, CM011]
| 视角 | 纳入支出 | 排除支出 | 现状替代方案 | 为什么对 Aikido 重要 |
|---|---|---|---|---|
| 核心 AppSec 工具 | SAST、SCA、DAST、API 测试、IaC、容器、攻击面扫描 | 网络安全、SIEM、终端、身份、通用 MDR | 独立扫描器和开源工具链 | 这是 Aikido 最接近的直接 TAM 集群。 |
| 代码到云的开发者安全平台 | 核心 AppSec,加上 CSPM、运行时或 Web 暴露、修复自动化、工作流集成 | 广义 SOC 或终端预算 | Snyk + Orca + 工单 + 手工修复拼盘 | 契合 Aikido 对统一平台的市场表述。 |
| 合规驱动的 AppSec | 技术漏洞管理控制、证据生成、GRC 集成 | 纯政策管理和非技术审计工作 | 免费工具拼盘,或专用合规套件加扫描器 | 重要,因为合规常常触发首次落地。 |
| 服务驱动的安全交付 | 代理商、MSP、经销商和合作伙伴托管的客户保护 | 完全定制的企业咨询或纯人力外包 | 手工渗透测试、咨询顾问主导的评审、托管扫描组合 | 把分发扩展到直接自助账号之外。 |
| 更广的云与运行时相邻领域 | 攻击面、API 安全、运行时验证、AI 渗透测试 | 与软件安全无关的所有云基础设施支出 | 单点 DAST 或渗透测试厂商、内部安全测试团队 | 说明只看代码的窄口径会低估 Aikido 的实际市场边界。 |
本表定义第 2 章采用的边界。它有意把 Aikido 的直接 AppSec 核心与相邻合规、合作伙伴和运行时工作流分开;后者会扩大实际市场,但不等于把每一笔安全预算都变成可触达 TAM。
[CM001, CM002, CM009, CM010, CM011, CM012]价值链视角展示外部压力和开发者痛点,如何进入平台评估、落地、模块扩张和合规证据生成。
[CM008, CM009, CM021, CM025, CM029, CM030]2.2 TAM、SAM、SOM 与相互矛盾的估计
第三方市场估计确认应用安全已经是大市场,但这些估计并不能直接对比。Mordor 和 Fortune 都把 2026 年全球应用安全市场放在约 $14.8 billion 至 $14.9 billion, Coherent 的方向也类似,略高于 $15 billion。相反,MarketsandMarkets 发布的 2026 年数字要宽得多,为 $41.16 billion, 2031 年数字超过 $66 billion。区间太宽,不能盲目平均。更合理的解释是,较窄的一组追踪核心 AppSec 工具和相关服务, 较大的数字则纳入了围绕应用保护的更广平台和服务边界。 具体到 Aikido,自下而上的视角比单个行业标题更有用。Mordor 称大型企业仍占支出多数,但中小企业是增长更快的部分。 这一点重要,因为 Aikido 的定位、定价、接入模式和行业页,都偏向那些需要严肃覆盖、又不想背上安全项目开销的团队。 2026 年核心 AppSec 的可辩护 TAM 接近 $15 billion,但 Aikido 的实际 SAM 是更小的一块: 云原生 SMB、金融科技、代理商和数字原生企业团队,并且愿意购买集成式、开发者优先安全。合理的分析性 SAM 区间约为 $2 billion 至 $3 billion; 在公司证明能更深打入超大型企业账户和受监管买家之前,近期 SOM 应低于 $1 billion。 [CM015, CM016, CM017, CM018, CM019, CM020]
| 视角 | 2026 年数值 | 时间范围 / 来源 | 覆盖内容 | 对 Aikido 的限制 |
|---|---|---|---|---|
| 全球核心 AppSec 市场 | $14.83B | Mordor 2026 | 应用安全工具和服务,包含云和企业分段 | 有用锚点,但仍宽于 Aikido 当前理想客户画像(ICP)。 |
| 全球核心 AppSec 市场 | $14.86B | Fortune 2026 | 按区域和类型拆分的应用安全市场 | 与 Mordor 非常接近;强化接近 $15B 的窄口径 TAM 区间。 |
| 全球核心 AppSec 市场 | $15.04B | Coherent 2026 | 长期 CAGR 更高的应用安全市场 | 支持同一数量级,但方法论可能不同。 |
| 广义 AppSec 市场 | $41.16B | MarketsandMarkets 2026 | 更宽的应用安全解决方案和服务边界 | 可能高估 Aikido 在 2026 年的直接可触达空间。 |
| 窄口径 TAM 中估算的 SMB 份额 | ~$5.9B | 由 Mordor 企业 / SMB 拆分推导 | 窄口径 AppSec 中快速增长的 SMB 和中端市场部分 | 仍然过宽,因为并非所有 SMB 买家都符合 Aikido 的工作流。 |
| 估算的 Aikido 实际 SAM | $2B-$3B | 分析师基于窄口径 TAM 和 Aikido 理想客户画像(ICP)筛选估算 | 云原生初创公司、金融科技、代理机构和较轻量的企业团队 | 这是推断值,不是已发布的分析师数字。 |
| 估算的近期 SOM | $0.3B-$0.8B | 分析师基于 SAM 并扣除购买摩擦后估算 | 在当前品牌、产品深度和渠道状态下最容易触达的部分 | 对企业胜率和合作伙伴规模高度敏感。 |
公开的 2026 年市场估算不可直接比较,因为范围定义不同。推导的 SAM 和 SOM 行是分析估算,基于已发布市场规模以及 Aikido 可观察到的细分聚焦、定价和产品包装。
[CM015, CM016, CM017, CM018, CM019, CM020]分析师式柱状图,对比狭义核心 AppSec TAM、更宽市场定义,以及为 2026 年推导的 Aikido 专属 SAM 和 SOM 视角。
数值结合已发布分析师估计,并按 Aikido 表面 ICP 做推导筛选。推导出的 SAM 和 SOM 是方向性分析区间,不是公司披露目标。
[CM015, CM017, CM020, CM033, CM034, CM041]2026 年市场视角的低、中、高估计,解释已发布 AppSec 数字为何分歧大,以及为何 Aikido 的直接市场应按更窄筛选测算。
有已发布第三方 2026 年市场数值时,将其作为中点。低、高边界反映分析师分歧,不代表管理层指引。
[CM015, CM016, CM017, CM018, CM019, CM036]2.3 买方、用户、付款方与渠道分层
Aikido 的官方行业页和集成页暗示的是分层 GTM,而不是单一、铁板一块的 ICP。创业公司购买,是因为创始人、CTO 和早期开发者需要一款一体化工具, 在没有搭建专职 AppSec 团队的情况下跑通安全编码和合规基础。企业买家关心 SSO、基于角色的访问、本地扫描器、monorepo 管理、 大型代码仓库或多云覆盖等规模化控制。金融科技买家优先考虑客户、审计师和监管方眼中的可信度,尤其围绕 DORA、PCI DSS、ISO 27001 和 NIS2。 代理商和 MSP 则看重多租户管理、利润保护,以及证明自己能在不推高运营成本的情况下保护许多客户代码仓库。 用户和付款方并不总是同一批人。跨细分市场看,开发者和平台工程师是日常用户;但预算所有者会变化: 创业公司里是创始人或 CTO,企业里是安全或平台负责人,金融科技里是合规和风险负责人,代理商里则是负责人或交付经理。 伙伴和集成页给分层又加了一层。Vanta、Drata 和 Sprinto 不是纯粹竞争对手;它们是相邻的合规系统, 可以帮助 Aikido 在审计准备是首个购买触发点的场景落地。同样,分销商、MSP 和技术伙伴动作可以把分发扩展到偏好服务主导采购或捆绑产品的账户。 [CM003, CM004, CM005, CM006, CM007, CM008]
| 细分市场 | 主要用户 | 典型付款方 / 预算负责人 | 采用触发因素 | Aikido 契合度证据 |
|---|---|---|---|---|
| 初创公司 / SMB 软件团队 | 开发者、CTO、DevOps 负责人 | 创始人或 CTO 预算 | 没有专职 AppSec 人员,但需要一体化安全和认证基础 | 通过初创公司页面、定价和自助接入显示强契合。 |
| 企业平台 / 安全团队 | 平台工程、AppSec、安全运营 | 安全负责人或平台负责人 | 需要 SSO、角色控制、本地扫描、大型代码仓库和用户规模 | 存在契合,但相对企业级既有厂商的深度仍是尽调问题。 |
| 金融科技 / 受监管数字业务 | 工程团队,以及合规 / 风险利益相关方 | CTO、CISO、合规负责人 | 需要符合 DORA、PCI、ISO 27001、SOC 2 和 NIS2 的证据与可信度 | 官方金融科技和合规页面给出强监管契合叙事。 |
| 代理机构 / MSP | 管理大量客户代码仓库的交付团队 | 代理机构负责人或服务经理 | 需要多租户管理、高效客户安全证明和利润率保护 | 当安全打包进经常性服务时,契合度较好。 |
| 通过 GRC 工具进入的合规驱动买家 | 安全与合规团队 | 安全 / 合规预算负责人 | 需要把证据自动化接入 Vanta、Drata 或 Sprinto 工作流 | 相邻场景切入,有助于打进审计准备最痛的账户。 |
| 伙伴主导的渠道买家 | 经销商、MSP、技术合作伙伴 | 看合作伙伴经济账,而不是直接席位负责人 | 更偏好捆绑、服务主导或联合销售式采购 | 是突破直接自助销售之外分销的有用杠杆。 |
这张细分图反映 Aikido 官方行业、合作伙伴和集成页面中可见的买家原型;它按工作流切分,并不声称每个细分市场已经贡献相同收入。
[CM003, CM004, CM005, CM006, CM007, CM008]矩阵把 Aikido 的主要买方客群映射到用户画像、预算负责人、采购路径和主要采用触发点。
[CM003, CM004, CM005, CM006, CM007, CM008]2.4 增长驱动、采用约束与市场逻辑
结构性增长驱动很强。第三方市场报告和监管来源都指向同一方向:更多云原生应用、更多 API、更多开源依赖、更多 AI 生成代码,以及更多合规义务。 Latio 报告认为,AI 辅助编码和扫描器整合正在重塑应用安全;CISA 则把 SBOM 和 VEX 抬升为软件供应链基本项。 EU Cyber Resilience Act 把生命周期安全和漏洞管理推入软件采购预期,Aikido 自己的金融科技和合规页面也把 DORA、PCI、ISO 27001、 SOC 2、HIPAA、NIS2 和 OWASP 转化成具体买方痛点。 但市场采用并非没有摩擦。AppSec 买家仍要处理工具噪声、类别重叠、点状产品之间的重复支出,以及误报淹没工作流时开发者的怀疑。 SMB 和创业公司环境里价格敏感是真问题,大企业则常常偏好既有套件、内部自建或同类最佳专家工具。 因此,Aikido 的市场逻辑最好概括为品类收敛加工作流简化。公司最清晰的赛道不是“所有网络安全”,而是帮助开发者和精简安全团队, 用一个集成平台替换割裂的 AppSec 和合规工作流。如果 Aikido 持续在速度、可负担性和证据自动化最重要的场景取胜,市场足够大。 如果市场重新向重型企业套件集中,或买方认定同类最佳深度比整合更重要,采用速度就会慢于宽口径 TAM 暗示。 [CM023, CM024, CM025, CM026, CM027, CM028]
| 因素 | 方向 | 证据 | 对采用的影响 | 注意事项 |
|---|---|---|---|---|
| AI 辅助编码与更快发布 | 驱动因素 | Latio 报告和 Aikido 产品叙事 | 发布节奏变快,扫描、修复和持续测试也要跟上 | 如果 AI 功能质量不高,也会放大供应商噪音。 |
| API 与云原生复杂度 | 驱动因素 | Mordor、MarketsandMarkets、官方 API 和 DAST 页面 | 扩大对代码到云统一可见性与测试的需求 | 成熟团队可能更偏好更深的单点最佳工具。 |
| 供应链风险与 SBOM / VEX | 驱动因素 | CISA SBOM 指南和 Aikido 合规页面 | 推动买家转向 SCA、证据工具和供应商透明度 | 仅靠 SBOM 并不能保证转化为付费产品。 |
| 监管与审计压力 | 驱动因素 | 官方页面中的 Cyber Resilience Act、DORA / PCI / NIS2 表述 | 压缩金融科技和接受客户审计的软件公司的采购周期 | 规则制造紧迫感,但预算仍按细分市场差异很大。 |
| 工具蔓延与误报 | 整合驱动因素 | Latio 和 Aikido 替代方案页面 | 支撑单平台采购逻辑和减少积压的价值 | 偏好最佳单点工具的买家可能仍更看重深度,而非整合。 |
| SMB 预算敏感 | 约束 | 初创企业和替代方案页面 | 推动买家选择更便宜、免费增值或捆绑的方案 | 除非公司向上进入大客户市场,否则可能限制 ACV。 |
| 企业切换成本与信任 | 约束 | 企业页面和替代品集合 | 放慢替换既有安全栈的节奏 | 让企业 SAM 更难快速变现。 |
| 渠道与集成依赖 | 约束 / 助力 | 合作伙伴页面及 Vanta / Drata / Sprinto 页面 | 能打开新账户,但也把分销绑到外部伙伴身上 | 伙伴主导收入的质量仍需验证。 |
方向来自第 2 章分析,不是某个单一来源的观点。同一因素可能利好也可能伤害,取决于买家优先考虑整合、价格还是深度。
[CM021, CM023, CM024, CM025, CM026, CM027]03竞争格局
3.1 竞争版图、同业集合与替代类别
Aikido 的替代集合远不止一个具名对手。公司自己的对比页列出了多个集群里的直接同业: Snyk 和 Semgrep 等开发者优先 AppSec 专家;GitHub Advanced Security 和 GitLab Ultimate 等平台原生代码托管方; Veracode 和 Checkmarx 等企业优先 AppSec 厂商;Orca、Jit、Apiiro 等偏云或态势的平台;以及 Mend 和 Endor Labs 等聚焦供应链的厂商。 这是理解竞争的正确方式,因为买家不会只拿范围完全相同的一对一产品对比。他们比较的是在既有技术栈里解决同一问题的可信路径。 这种更宽的框架也意味着,现状不只是“再买一个工具”。买家可以继续使用开源扫描器拼盘,依赖 GitHub 或 GitLab 的平台原生功能, 把更多工作外包给渗透测试人员或顾问,或把只管代码和只管云的厂商组合起来。AppSec Santa 的 2026 替代方案指南也强化了这一点: 决策往往关乎深度与简单之间的取舍,而不是扫描器数量本身。Aikido 的主要竞争优势是简单、价格透明和捆绑覆盖。 主要脆弱点则是,专业化买家完全可能理性选择范围更窄但深度更强的平台。 [CP001, CP012, CP013, CP029, CP038]
| 竞争对手 | 核心定位 | 目标客户 | 产品范围 | 战略方向 |
|---|---|---|---|---|
| Snyk | 开发者优先的 AppSec 平台 | 中端市场到企业级软件团队 | 代码、供应链、API / Web、容器、IaC | 以整合式 AppSec 平台切入,叠加模块插件和 AI 安全定位。 |
| GitHub Advanced Security | GitHub 原生安全套件 | 从 SMB 到企业级的 GitHub 中心团队 | 密钥保护、代码安全、依赖监控 | 把安全直接挂到代码库和 GitHub 工作流上。 |
| Semgrep | 按贡献者计费的代码与供应链安全 | 开发者主导团队和安全工程师 | SAST、SCA、密钥、AI 分诊 / 修复 | 把规则扫描和 AI 结合起来,降低入门摩擦。 |
| Veracode | 企业级 AppSec 平台 | 大型受监管企业 | SAST、DAST、SCA、IaC、容器、AI 修复 | 主打企业信任、治理和规模化安全编码。 |
| Checkmarx | 云端 AppSec 套装,叠加企业级插件 | 企业 AppSec 项目 | SAST、SCA、DAST、API、IaC、密钥、ASPM | 以 SAST 或供应链落地,再扩展到完整平台。 |
| Orca Security | 无代理云安全与 CNAPP | 云优先企业 | 云、云原生应用、上下文驱动优先级排序 | 靠无代理云上下文和告警降噪取胜。 |
| Endor Labs | AI 原生应用与供应链安全 | 工程能力强的企业 | 可达性、优先级排序、积压削减、智能体安全 | 以精度和供应链深度竞争。 |
| Jit | 带上下文图谱的安全执行平台 | 云原生产品团队 | 跨集成扫描器编排代码到云再到运行时 | 统一信号并自动执行,而不是替换每个工具。 |
| Apiiro | 带 Risk Graph 的统一 ASPM | 正在成熟的 AppSec 项目 | AppSec 资产清单、风险优先级、软件供应链 | 主打上下文丰富的优先级排序和图谱化安全态势。 |
| GitLab Ultimate | 带高级安全与合规的 DevOps 平台 | 以 GitLab 标准化的企业 | DevOps、CI/CD 与集成安全 | 把安全捆绑进更大的 DevOps 平台销售动作。 |
这些画像反映与 Aikido 最相关的替代品集合,并非 AppSec 市场全量盘点;它们覆盖直接同类、既有厂商、相邻厂商和平台原生替代方案,这些都会影响买家选择。
[CP001, CP002, CP003, CP004, CP005, CP006]按集成覆盖广度(x 轴)和企业深度 / 信任度(y 轴)映射 Aikido 与主要同行。
位置是基于保留官方页面和定价指南的有证据排序估计,不是数值化产品基准。
[CP001, CP004, CP005, CP006, CP007, CP008]3.2 能力、定价与战略方向
竞争者阵营分成几种不同战略模型。Snyk 仍是广义开发者优先 AppSec 平台,采用附加模块和按席位定价。 GitHub Advanced Security 在市场最大开发者工作流里销售原生代码和 secret 保护。Semgrep 以开发者友好、免费入口和基于贡献者的模型竞争。 Veracode 和 Checkmarx 强调企业级平台广度、治理和更深入的大账户销售动作。Orca、Apiiro 和 Jit 是上下文丰富的代码到云或 ASPM 式定位的更强例子, Endor Labs 和 Mend 则更用力推软件供应链情报和优先级排序。 价格透明本身就是战略变量。Aikido 发布简单入门价,GitHub 发布代码和 secret 保护的 active-committer 定价, Snyk 宣传起步套餐,Semgrep 公开展示免费和付费包装。相比之下,上层企业市场中很大一部分仍依赖报价驱动采购。 AppSec Santa 的定价指南提到,企业 AppSec 技术栈很快就能进入每年 $30,000 至 $150,000 及以上区间。 这一点重要,因为 Aikido 想拿下的账户会把采购简单和总成本清晰当成产品的一部分,而不是商业脚注。 [CP002, CP003, CP004, CP005, CP006, CP007]
| 供应商 | 代码 / SAST | 供应链 / SCA | 云 / 态势 | 运行时 / 攻击面 | 治理 / 证据 |
|---|---|---|---|---|---|
| Aikido | 强 | 强 | 强 | 中等 | 中等 |
| Snyk | 强 | 强 | 有限至中等 | 通过 API / Web 达到中等 | 中等 |
| GitHub Advanced Security | GitHub 内强 | 通过依赖监控达到中等 | 弱 | 弱 | GitHub 内中等 |
| Semgrep | 强 | 强 | 弱 | 弱 | 中等 |
| Veracode | 强 | 强 | 中等 | 中等 | 强 |
| Checkmarx | 强 | 强 | 中等 | 中等 | 强 |
| Orca | 中等 | 中等 | 强 | 强 | 中等 |
| Endor Labs | 中等 | 强 | 弱 | 弱 | 中等 |
| Jit | 中等 | 中等 | 强 | 强 | 强 |
| Apiiro | 中等 | 强 | 中等 | 中等 | 强 |
| GitLab Ultimate | 中等 | 中等 | 弱 | 弱 | GitLab 内强 |
能力标签是定性且相对的,反映各供应商当前的公开定位和包装,不是跨所有模块的受控实验室基准。
[CP003, CP004, CP005, CP006, CP007, CP008]| 供应商 | 公开定价方式 | 商业模式 | 入门信号 | 对 Aikido 的含义 |
|---|---|---|---|---|
| Aikido | 透明 | 按层级收取 10 用户平台费,另有企业级插件 | $350 至 $1,050 / 月,10 用户 | 帮助 Aikido 赢下预算敏感的中端市场买家。 |
| Snyk | 部分透明 | 按贡献开发者计费,分多个方案和插件 | 官方标题称起价 $25 / 月 | 有竞争力,但模块蔓延可能抬高 TCO。 |
| GitHub Advanced Security | 透明 | 密钥保护和代码安全按活跃提交者计费 | 每名活跃提交者每月 $19 和 $30 | 面向 GitHub 原生团队拥有巨大分发优势。 |
| Semgrep | 透明 | 按贡献者计费,提供免费版和团队升级 | 10 个代码库 / 10 名贡献者以内免费 | 对 Aikido 形成强自下而上采用压力。 |
| Endor Labs | 半透明 | 免费开发者层级,加 Core / Pro 和捆绑 | 开发者可免费入门,但向企业增售 | 在供应链深度和精度叙事上挤压 Aikido。 |
| Checkmarx | 以报价为主 | 打包企业模块和插件 | 销售主导包装 | 企业定价不透明会拖慢 SMB 采用,但适合大型受监管买家。 |
| Veracode | 以报价为主 | 企业平台销售 | 留存页面没有公开标价 | 大客户里,信任和治理可能压过透明度。 |
| GitLab Ultimate | 透明的平台方案 | 更大的 DevOps 套件,含高级安全 / 合规 | 面向高级安全与合规的 Ultimate 层级 | 捆绑降低 GitLab 原生团队引入额外供应商的需求。 |
公开定价可见度本身就是竞争变量。在 AppSec 里,即便产品很强,不透明的企业包装也会抬高感知切换成本和采购摩擦。
[CP014, CP017, CP018, CP019, CP020, CP021]矩阵按竞争视角而非原始营销清单,突出 Aikido 竞争对手的强项。
[CP012, CP015, CP016, CP017, CP030, CP031]3.3 切换成本、多栖使用与分发力量
AppSec 的切换成本很少只来自某一个扫描器;成本来自围绕它搭起来的工作流。团队一旦把代码仓库、CI/CD、工单、身份、云账户、 策略规则、合规证据和历史发现接入同一平台,迁移成本就会上升。GitHub 和 GitLab 尤其如此,因为安全被卖进代码和流水线的事实记录系统。 对企业优先厂商也一样,它们多年把治理流程和报告接进安全团队。买家因此常常多栖使用:一个产品管代码或供应链,一个管云态势, 一个管合规证据,一个管渗透测试或 DAST。 多栖使用是一把双刃剑。它降低了 Aikido 面对的绝对切换门槛,因为许多买家本来就习惯混用厂商;但它也意味着 Aikido 的任一模块都可能被更强专家替代。 平台原生分发是最严肃的结构性竞争者。GitHub 和 GitLab 可以把安全附着到用户已经信任的代码仓库、工作流和定价计划上。 专家深度是第二个结构性竞争者。Endor、Mend、Orca、Apiiro、Veracode 和 Checkmarx 都可以在更窄领域声称专业能力。 Aikido 最好的防守,是在足够广、足够准、足够容易证明合理性之间达成平衡,让目标账户相信整合胜过专精。 [CP014, CP017, CP018, CP025, CP026, CP030]
| 风险 | 主要竞争对手群 | 为什么重要 | 近期严重性 | 监测信号 |
|---|---|---|---|---|
| 平台捆绑 | GitHub、GitLab | 安全可以在既有代码和 CI/CD 记录系统内销售。 | 高 | Aikido 目标账户中 GHAS 和 GitLab Ultimate 的附加率。 |
| 企业信任与治理缺口 | Veracode、Checkmarx | 大型受监管买家可能偏好企业历史和控制能力更深的供应商。 | 高 | 受监管企业账户的赢单 / 输单数据。 |
| 上下文丰富的代码到云竞争 | Orca、Apiiro、Jit | 这些供应商靠更丰富的图谱或云上下文以及集中优先级排序竞争。 | 中到高 | 客户对图谱化优先级排序或云深度功能的需求。 |
| 供应链专业化 | Endor Labs、Mend、Snyk | 如果买家最看重可达性和包智能深度,Aikido 可能丢单。 | 中 | RFP 中围绕可达性、EPSS、可利用性和包风险的措辞。 |
| 价格压缩 | Semgrep、GitHub、开源栈 | 低价或捆绑选项可能侵蚀 Aikido 的价格可负担优势。 | 中 | 竞争性折扣和免费转付费转化率。 |
| 功能趋同 | 所有主要同业 | AI 自动修复、优先级排序和平台广度正在全行业扩散。 | 高 | 缩小 Aikido 简洁优势的同等功能发布。 |
严重性是第 3 章的分析判断,不是单一来源引文。登记表按风险压缩 Aikido 在目标账户中差异化的速度排序。
[CP025, CP026, CP027, CP028, CP030, CP031]3.4 护城河耐久性、商品化风险与反向证据
最强的竞争问题不是 Aikido 有没有对手;它显然有。真正的问题是,当 AI 辅助扫描、自动修复和平台整合都变成基础配置后, 它的切入口还能否保持差异化。多条留存来源都指向收敛。Veracode 和 GitHub 都强调 AI 驱动修复。 Jit 和 Apiiro 强调上下文图谱和统一执行。Endor Labs 推 AI 原生推理加可达性。Orca 认为上下文和优先级排序才是告警疲劳的答案。 换句话说,几乎所有人都在走向“更少告警、更多上下文、更快修复”。 这种收敛带来真实的商品化风险。Aikido 自己的替代方案页有用,因为它们暴露了替代集合,但它们不是中立证据。 AppSec Santa 的替代方案指南更能说明核心取舍:当买家需要比一体化平台更深的专业化、更丰富的生态或更成熟的企业控制时, 就会去别处找。Aikido 的护城河因此是实用型,而非绝对型。如果它能把总成本保持在低位、让设置足够容易、并让跨层信号质量显著更好, 就能赢下耐久的中端市场位置。如果更大平台和更深专家补齐简单性差距,Aikido 的优势会快速变窄。 [CP015, CP016, CP027, CP028, CP029, CP036]
竞争评分卡,用来判断 Aikido 当前切入点面对主要外部压力时有多耐打。
评分是第 3 章的 1 到 10 分分析评级;衡量的是竞争耐久性,不是公司历史 KPI。
[CP017, CP027, CP028, CP034, CP035, CP036]04财务情况
4.1 收入模型、定价与落地动作
Aikido 的公开变现模型比实际财务表现清楚得多。官方定价、关于页、创业公司和企业页面都指向有意设计的先落地再扩张: 免费入口,Basic、Pro、Advanced 分层的透明标价,然后是一组企业专属增购项,例如自定义 SLA、多租户管理、本地部署、 内部应用代理支持,以及高级接入或支持。SourceForge 独立镜像了同样的分层结构,并确认免费计划包含 2 名用户和 10 个代码仓库; 与许多很早就强制进入定制销售的安全厂商相比,这让产品对创业公司和较小工程团队格外清晰。 这种简单不应被误读成纯单线 SaaS SKU。伙伴和集成页面暗示至少四层变现:经常性平台订阅、企业服务包、 通过分销商和 MSP 进行的伙伴主导捆绑销售,以及与证据生成和更广安全工作流绑定的合规或渗透测试相邻价值捕获。 定价页的 AI 渗透测试语言暗示,围绕进攻性验证可能存在用量触发或报告解锁组件;但留存公开材料没有披露收入中有多少来自经常性软件, 多少来自一次性或类似服务的工作。因此,最合理的判断是:这是一个软件优先的混合模型,漏斗顶部可及性强、扩张杠杆多, 但仍没有足以支撑承保的公开收入结构披露。 [CI001, CI002, CI003, CI004, CI005, CI006]
| 收入流 | 机制 | 单位 | 当前价值 / 状态 | 质量 | 尽调问题 |
|---|---|---|---|---|---|
| 免费入门层 | 免费增值落地动作降低获客摩擦,并为后续转化埋种子 | 2 名用户 / 10 个代码库 | 已公开列示,并被 SourceForge 镜像 | 可见度高;没有转化数据 | 要求提供按队列和细分市场拆分的免费转付费转化。 |
| 核心平台订阅 | Basic / Pro / Advanced 层级按月收取经常性平台费 | $350 / $700 / $1,050 / 月标价 | 标价披露清晰 | 标价可见度高;实际成交价可见度低 | 要求提供 ACV 分布、折扣政策和年度预付占比。 |
| 企业套餐 | 面向更高代码库、用户和支持需求的定制方案 | 定制合同 | 定制 SLA、培训、支持、本地扫描、代理和大规模权益已公开 | 产品范围可见;商业条款不透明 | 要求提供企业 ACV 中位数、部署工作量和按队列拆分的毛利率。 |
| 合规相邻扩张 | Aikido 加 Vanta / Drata / Sprinto 工作流,用于技术控制证据 | 平台订阅加集成价值 | 官方定位强;未单独披露 SKU 经济性 | 叙事支撑较好;收入归因能见度差 | 要求披露合规牵引交易的附加率和增量收入。 |
| 渠道主导收入 | 带佣金和管理工具的经销商、MSP 捆绑包 | 渠道合同 / 转售毛利 | 页面明确写出渠道动作 | 商业存在清楚;经济性未披露 | 要求披露间接收入占比、渠道毛利和合作伙伴集中度。 |
| AI 渗透测试 / 验证变现 | 定价页暗示进攻性测试输出需要付费解锁,或按使用触发 | 按报告 / 按项目 / 未披露 | 公开描述过,但未完整分项 | 中;机制可见,变现细节缺失 | 要求披露渗透测试相关收入的订单额、毛利和复购频率。 |
这张表把留存资料中明确可见的变现机制,与仍需推断的收入线分开。它是公开包装地图,不是收入确认台账。
[CI001, CI002, CI004, CI006, CI013, CI024]| 产品方案 | 价格 / 单位 / 合同 | 标价与实际成交价 | 折扣 / 未知项 | 来源 |
|---|---|---|---|---|
| 免费版 | 永久免费;2 个用户和 10 个代码库 | 仅标价 | 升级率或支持成本没有能见度 | 官方定价 + SourceForge |
| 基础版 | $350/month 平台费;含 10 个用户 | 仅标价 | 年度折扣、超额费用或多产品打包未知 | 官方定价 + SourceForge |
| 专业版 | $700/month 平台费;含 10 个用户 | 仅标价 | 折扣和用户 / 代码库扩张定价未知 | 官方定价 + SourceForge |
| 高级版 | $1,050/month 平台费;含 10 个用户 | 仅标价 | 实际成交 ASP 和捆绑条款未知 | 官方定价 + SourceForge |
| 企业服务 | 定制 SLA、多租户门户、上手辅导、优先支持、本地部署、内部应用代理 | 定制报价 | 很可能按规模、安全需求和部署模式谈判 | 官方定价 / 企业页 |
| 合作伙伴 / 渠道打包 | 带佣金的经销商和 MSP 方案 | 间接定价很可能谈判确定 | 渠道折扣、MDF 和返利未公开 | 合作伙伴页 |
公开可见的定价在网络安全软件里异常透明,但透明范围只到标价。留存来源均未披露实际成交价、合同期限、年度预付折扣,或每增加一个代码库、用户、云账号带来的增收。
[CI001, CI003, CI004, CI006, CI023, CI024]公开套餐显示,Aikido 似乎靠入站兴趣和合作伙伴需求,转成经常性订阅收入,并推动更高价值扩张。
该流程只呈现已保留来源中可观察到的变现机制;不量化转化率、附加购买率、毛利或收入结构。
[CI001, CI002, CI004, CI006, CI013, CI025]4.2 GTM 动作与单位经济代理指标
Aikido 看起来把低摩擦自然流入采用与选择性的销售辅助扩张结合在一起。Series A 博客明确称公司采用免费增值和自助服务; 官方创业公司定位则把产品包装成中小企业(SME)的实际答案:它们需要安全和合规,但没有专职 AppSec 人手。客户故事随后强化了低实施叙事: 一个案例称 150+ 名开发者在 45 分钟内完成接入,其他案例则强调降噪、工作流契合和每月节省开发者时间。 这些是公司主张,不是经审计证明;但它们指向一种模型:公司有意压低部署摩擦,让用户无需承担大量专业服务负担就能转化。 模型的高端市场一侧也能看见。企业和伙伴页面描述了 SSO、本地扫描器、支持 2,000 个代码仓库和 500 名用户的规模、 分销商佣金、MSP 管理工具以及联合销售动作。这说明除免费层之外,还有第二套动作:ACV 更高、销售周期更长、伙伴杠杆更强。 公开评论数据在易用性和广度上方向性支持,但反向信号会影响单位经济:G2 用户抱怨 API 深度有限、低阶套餐报告不足, 以及对创业公司来说价格可能偏高。这些问题可能同时利好和伤害经济性。包装限制可能推动升级, 但如果小买家停留在免费层、成熟团队在支付企业级价格前要求更深平台能力,也会拖慢转化或扩张。 [CI005, CI006, CI010, CI011, CI012, CI013]
| 指标 | 数值 / 状态 | 置信度 | 为何重要 | 尽调要求 |
|---|---|---|---|---|
| 获客成本(CAC) | 未披露 | 低 | 必须拿到该项,才能判断免费增值和渠道打法是否高效转化为付费收入。 | 要求按渠道披露混合 CAC,并按队列披露营销与销售回本周期。 |
| CAC 回本周期 | 未披露;自助队列可能较好,企业客户更长 | 低 | 决定透明定价是在增厚增长,还是在稀释利润率。 | 要求拆分自助、销售主导、合作伙伴主导队列的回本周期。 |
| 毛利率 | 合并口径未公开;比利时实体 FY2025 文件显示毛利为负 | 中 | 拆开软件经济性与服务或重支持负担。 | 要求披露合并毛利率桥,以及服务与软件的毛利率拆分。 |
| 实施负担 | 公司称上手很快,开发者开销低 | 中 | 低实施负担可显著改善回本周期并降低支持成本。 | 用价值实现时间数据、上手小时数和客户成功人员配比验证。 |
| 扩张潜力 | 理论上较高,来自企业功能、合作伙伴捆绑、合规工作流和渗透测试邻近业务 | 中 | 如果免费和低端套餐有意压低价格,扩张就是核心。 | 要求披露 NRR、模块附加率、席位 / 代码库扩张曲线。 |
| 支持 / 服务负担 | 存在但未量化 | 低 | 企业上手、本地部署和类似渗透测试的工作会压低 SaaS 毛利率。 | 要求披露专业服务收入占比、附加率和利用率。 |
| 定价权 | 混合:标价透明且有颠覆性,但部分用户仍认为付费层级对初创公司偏贵 | 中 | 判断 Aikido 是靠低价抢份额,还是还有涨价空间。 | 要求按层级和细分披露赢单 / 输单与续约数据。 |
这张表刻意区分公开可知信息和只能推断的信息。大多数真正的单位经济模型字段仍拿不到,尽调中应直接向公司索取。
[CI005, CI012, CI013, CI014, CI022, CI023]定性桥接图,显示公开因素中哪些可能帮助或拖累 Aikido 的销售效率和利润率。
该图只表示方向,因为 CAC、回本周期、NRR 和支持成本数据未公开。节点总结的是可观察驱动因素,不是实测单位经济输出。
[CI005, CI012, CI013, CI014, CI022, CI023]4.3 备案衍生成本结构与公开规模
最具体的公开财务证据不是管理层评论,而是登记和备案衍生记录。比利时 Aikido Security BV 摘要显示, 截至 2025-01-31 的财年,该实体报告资产 €18.2 million、权益 €14.7 million、负债 €3.48 million, 同时毛利率为负 €3.73 million、经营利润为负 €4.43 million。上一年资产基数较小,为 €5.65 million, 经营亏损也较小,为负 €0.86 million。若按字面解读,这意味着该报告实体到 2025 年初仍处于深度投资模式, 且随着公司扩张,支出显著爬坡。 但投资者不应过度解读这些数字。比利时备案摘要是实体层面,不是完整合并管理账;Aikido 的公开运营足迹现在还包括一个英国总部标签、 一个美国办公室,以及一个新设英国法律实体。Companies House 记录显示,AIKIDO SECURITY LTD 于 2026-04-09 成立, 随后把会计期间缩短至 2027-01-31,并在成立后立即提交资本文件。这说明公开法律结构比单看比利时备案更国际化。 正确综合结论是:现有备案证据证明核心比利时实体完成资本积累且仍在亏损,但无法回答更难的问题: 合并毛利率、现金效率、收入确认,或渗透测试和服务活动在规模化后是增厚还是稀释利润率。 [CI007, CI008, CI009, CI015, CI016, CI017]
| 指标 | 公开数值 / 状态 | 置信度 | 为何重要 | 尽调要求 |
|---|---|---|---|---|
| 已披露累计融资 | ~$85M | 中 | 给出债务之外大致可用的外部资本基数。 | 要求逐轮披露融资到账额、费用和当前不受限现金。 |
| 最新融资事件 | 2026 年 1 月以 $1B 估值完成 $60M Series B | 高 | 这是当前增长资本的主要来源,也释放投资人支持信号。 | 要求披露投后股权、清算优先权和董事会权利。 |
| 种子前 / 可转债融资 | MandA 报道种子轮前有 ~€2M 天使可转债 | 低 | 关系到股权结构表清理和早期稀释历史。 | 要求提供 SAFEs / 可转债明细表和转换机制。 |
| 比利时实体资产负债表 | FY2025 资产 €18.2M;权益 €14.7M;负债 €3.48M | 高 | 显示 Series B 和英国实体搭建前,BV 层面已积累多少资本。 | 要求提供最近月末合并资产负债表。 |
| 比利时实体经营表现 | FY2025 毛利 -€3.73M;经营结果 -€4.43M | 高 | 确认到 2025 年初,核心实体尚未靠自身造血。 | 要求披露 2025 年 2 月以来的月度烧钱速度和合并 P&L。 |
| 当前现金跑道 | 无法用公开信息计算 | 低 | 现金跑道决定公司在达到稳态规模前,是否还依赖下一轮股权融资。 | 要求披露现金余额、月度净烧钱和下行情景经营计划。 |
| 债务 / 项目融资义务 | 未见留存公开证据显示存在债务,但披露并不完整 | 低 | 隐藏杠杆或担保会显著改变下行风险。 | 要求提供债务明细、授信额度、租赁和或有负债。 |
资本充足性方向上有利,因为公司近期完成了一笔大型 Series B;但头部融资之外的每一行,都仍需管理层直接提供证据,才足以承销。
[CI007, CI008, CI009, CI015, CI016, CI017]基于来源的估计区间,覆盖公开材料里少数可见的财务和规模指标。
ARR Club 里程碑是外部估计信号,不是公司验证披露。由于来源冲突,员工数以公开信号区间呈现。比利时申报值来自监管文件, 数值精确,因此显示为零宽区间。
[CI008, CI017, CI018, CI021, CI030, CI031]4.4 资本充足性、融资依赖与尽调阻塞点
公开来源支持 Aikido 在当前阶段资金充足的判断,但不足以让投资者有信心计算现金跑道。官方关于页和 BankInfoSecurity 都指向约 $85 million 的已披露累计融资; Series B 公告也清楚表明,管理层打算在自主安全和 AI 驱动渗透测试上激进投入。Solutions Magazine 补充称, 2025 年收入增长五倍,近一半来自美国,客户群几乎增加三倍;这说明公司正在扩展更大的商业足迹,而不只是囤积资本。 ARR Club 的付费信号页更进一步,把 2026 年 1 月 ARR 放在 $10 million 以上,2026 年 4 月放在 $25 million; 但这些数字应被视为外部估计区间,而不是经公司验证的披露。 承保问题不在于 Aikido 有没有动能,而在于动能能否转化为持久、高效率收入。留存公开材料仍未披露合并收入、毛利率、 净留存、CAC、回本周期、客户标识集中度、现金余额、债务或现金跑道月份。评论数据暗示公司用透明标价冲击一个充满昂贵工具拼盘的市场, 官方企业和伙伴页面则指向可信的扩张向量。即便如此,没有管理账和客户队列细节, 投资者无法判断这家公司是高毛利 SaaS 复利机器、软件与服务混合模型,还是仍在证明稳态经济性的资本饥渴型增长故事。 结论是战略轨迹和资本可得性偏正面,但收入质量和现金耐久性仍不完整。 [CI007, CI008, CI010, CI011, CI021, CI023]
| 缺失的私有指标 | 影响 | 精确尽调路径 |
|---|---|---|
| 合并 ARR 与 GAAP / 管理口径收入桥 | 阻碍对增长质量和估值支撑做干净承销 | 要求月度 ARR 桥、收入确认政策和 FY2024-FY2026 管理账。 |
| 按软件、渗透测试和服务活动拆分毛利率 | 无法判断非经常性工作是在增厚还是稀释毛利率 | 要求披露产品线毛利率和支持成本分摊。 |
| 现金余额、烧钱速度和现金跑道月数 | 资本充足性仍停留在叙事,无法计算 | 要求最新现金报告、烧钱瀑布和 18 个月计划。 |
| NRR / GRR 以及按层级拆分的扩张 | 无法判断落地后扩张是否真的在复利 | 要求按队列披露客户留存、金额留存和升级率。 |
| 实际成交价和折扣纪律 | 如果企业折扣激进,标价可能高估实际变现 | 要求按套餐披露 ASP、年度预付占比和折扣审批政策。 |
| 客户集中度和地区组合 | 未知是否暴露于少数大客户或美国需求过重 | 要求前 20 大客户收入占比和逐地区 ARR 组合。 |
这些是最低限度的阻塞项,仍把公开势能和真正财务承销隔开。
[CI020, CI021, CI031, CI032, CI034, CI040]公开图谱显示,Aikido 从比利时创业公司扩张为国际安全平台、并押注自主渗透测试时,资本似乎流向哪些环节。
这是定性资本流向图,因为当前现金、烧钱速度、债务和资本开支均未公开披露。
[CI007, CI015, CI016, CI031, CI032, CI033]05产品与技术
5.1 平台范围、模块地图与差异化
Aikido 并不是在展示一个带附加模块的单一扫描器;它营销的是完整的应用安全操作面:从源代码起步,延伸到云和容器态势, 进入 API 和进攻性测试,最后落到运行时控制和治理输出。留存模块页支持这一框架。代码产品覆盖 SAST、SCA、secrets、IaC、 容器以及 SBOM / 合规用例;云页面加入 CSPM 和运行时清单;攻击面包括 API 模糊测试、DAST 式监控、渗透测试和新推出的 Infinite 工作流。 Zen 则作为单独的运行时资产存在,而不只是代码扫描器的延伸。 让产品逻辑比泛泛的捆绑营销更可信的,是底层开发者原生和开源证据的数量。Aikido 公开把 SAST 绑定到 Opengrep, 在 GitHub 发布 Zen 运行时和 Safe Chain,并通过 GitHub Marketplace 分发,且安装量有意义。这不能证明每个模块都是同类最佳, 但确实显示出一套架构和 GTM 模型,建立在工作流契合、可审计组件,以及开发者真实接触的分发渠道之上。 因此,主要差异化主张是广度加低噪声自动化,而不是每个单一品类里的极端专家深度。[CE001, CE002, CE003, CE004, CE005, CE014]
| 模块 / 资产 | 主要用户 | 当前成熟度 / 状态 | 差异化 | 尽调缺口 |
|---|---|---|---|---|
| SAST / 代码规则 | 开发者 + AppSec | 核心 / 成熟 | 基于 Opengrep 的 SAST,配合 AI 分诊、自定义规则和 AutoFix 定位;官方宣传噪声显著低于传统工具。 | 需要独立基准证明精度、假阴性和自定义规则深度。 |
| SCA / 供应链 | 开发者 + AppSec | 核心 / 成熟 | 可达性、恶意软件情报、pre-CVE 定位和 SBOM/VEX 输出,让工作流比只看 CVE 清单更丰富。 | 需要在生产账户中更深入证明可达性准确度和恶意软件预防效果。 |
| 密钥 / IaC 扫描 | 平台 + DevOps | 核心 / 成熟 | 主动密钥验证,加上 Terraform、CloudFormation、Helm、Dockerfile 覆盖,把低层级错误配置留在同一个控制台里。 | 需要大型 monorepo 上的误报率和分支工作流性能数据。 |
| 云 / VM / 容器态势 | CloudSec + DevOps | 核心 / 成熟 | 无代理 CSPM 结合 VM、运行时、仓库和容器上下文,支持关联分析,而不是拆成多个控制台。 | 需要公开规模、摄取延迟和多账号证据。 |
| API / DAST / 暴露面监控 | AppSec + 平台 | 增长 / 扩张中 | REST 和 GraphQL 模糊测试,配合 Swagger-to-traffic 与 Zen 辅助端点发现,把覆盖面扩展到静态规格之外。 | 需要更清楚的公开证据,证明认证 / 会话处理、调度深度和噪声环境调优。 |
| Zen 运行时防火墙 | 平台工程师 | 增长 / 差异化 | 开源应用内防火墙,带 sink 追踪、速率限制、机器人 / Tor 控制、OpenAPI 生成和运行时攻击上下文。 | 需要按框架披露遥测、开销和企业推广落地证据。 |
| Safe Chain | 开发者 + CI 负责人 | 聚焦 / OSS 主导 | 无 token 的本地包安装护栏,带恶意软件拦截和默认 48 小时包龄策略。 | 需要附加率、采用率和企业策略管理证据。 |
| 报告 / 合规输出 | 安全负责人 + 合规 | 核心 / 成熟 | 审计、趋势、SLA、恶意软件、运行时、团队、SBOM、VEX 和合规类输出,把扫描结果转成面向买方的证据。 | 需要逐套餐权益细节,以及导出报告的 API 深度。 |
| Aikido Infinite / 渗透测试 | 安全团队 + 管理层 | 新 / 早期 | 验证—修复—复测闭环贯穿各次版本发布,如果执行守得住,就是差异化叙事。 | 除了发布报道,还需要独立基准、客户推荐和 GA 证据。 |
这些行覆盖留存官方、技术文档和开发者信号来源中浮现的主要产品资产。应把它看成外部可见的产品地图,而不是内部工程组件清单。
[CE001, CE002, CE003, CE004, CE005, CE011]分层视图,展示 Aikido 如何把接入、检测、上下文、修复和治理组合到一个产品界面里。
[CE001, CE002, CE003, CE006, CE010, CE013]5.2 开发者工作流与运营模型
技术运营模型是 Aikido 最强的公开资产之一。文档和产品页显示,接入通过源码控制集成、只读云连接器、注册表访问、 受限环境可选本地扫描器,以及客户需要运行时覆盖时的应用内 Zen 库完成。这意味着平台可以从轻量 SaaS 式扫描起步; 但更完整的版本依赖来自 CI、运行时、云和 API 流量的更深客户遥测。容器和云材料反复强调关联: 镜像、包、VM、运行时和代码仓库被连接起来,让系统能在运营上下文中排定问题优先级,而不是吐出孤立发现清单。 摄入之后的工作流同样重要。Aikido 文档列出了 PR 反馈、CI 门禁、AI 分诊、AutoFix、SBOM 导出、合规报告, 以及同时使用已声明规范和观测流量的 API 发现流程。Safe Chain 把控制点向上游延伸到包安装,Zen 则向下游延伸到应用运行时。 结果是一条从检测到优先级排序、再到修复或阻断的连贯闭环。剩余尽调问题不是工作流是否存在,而是它在企业级规模、 复杂认证 / 会话模式,以及更严格部署或数据处理要求下表现是否稳定。[CE006, CE007, CE008, CE009, CE010, CE011]
| 用户任务 | 当前工作流 | 公司方案 | 可衡量收益 | 限制 |
|---|---|---|---|---|
| 代码库安全分诊 | 在 PR 和默认分支中审查代码、依赖、密钥和 IaC 风险。 | 代码扫描,配合 PR 评论、AI 分诊、AutoFix、工单 / 聊天集成。 | 官方来源把价值表述为更低噪声和更快开发者反馈。 | 假阴性率和工作流精度的公开证据仍有限。 |
| 依赖安装加固 | 恶意包落到笔记本或 CI 代理前先拦住。 | Safe Chain 本地代理,覆盖 npm、yarn、pnpm、npx、pnpx、pip、uv 和 poetry。 | 无需设置 token,就能拦截拼写仿冒包、恶意软件和过新的版本发布。 | 大型企业仍需要中心策略和设备群管理细节。 |
| 云和容器卫生 | 跨云、仓库、VM、容器和运行时发现风险资产。 | 无代理 CSPM,加容器与运行时关联。 | 单一视图把态势问题连到工作负载和过时运行时。 | 缺少公开规模和数据延迟指标。 |
| API 暴露测试 | 发现并测试已文档化和隐藏端点。 | Swagger-to-traffic、Zen discovery、针对 REST 与 GraphQL API 的已认证模糊测试。 | 覆盖面可能比只扫规格更广。 | 需要更强公开证据,证明认证 / 会话深度和调度能力。 |
| 合规与客户证据 | 为买方或审计产出 SBOM、审计、趋势报告和控制证据。 | CycloneDX、SPDX、VEX、审计、SLA、团队和合规报告输出。 | 把安全扫描转成外部可消费的证据。 | 评论站点暗示部分报告和 API 深度受套餐限制。 |
| 运行时攻击拦截 | 捕捉绕过预部署扫描的利用尝试。 | Zen sink 追踪、速率限制、机器人 / Tor / 国家控制和 AI 监控。 | 在应用上下文中加入运行时验证和拦截。 | 需要更多关于性能和检测广度的公开基准数据。 |
这张表把产品模块翻成用户任务和运营工作流。尽调时这个框架最有用,因为 Aikido 卖的是一体化工作流减负,而不是孤立检测引擎。
[CE006, CE007, CE009, CE011, CE012, CE013]| 层 / 组件 | 角色 | 依赖 | 主要风险 |
|---|---|---|---|
| Git 提供商 + 本地扫描器 | 为代码扫描提供代码库、分支、PR 和 CI 上下文。 | GitHub、GitLab、Azure DevOps、Bitbucket,或本地扫描器执行。 | 如果代码库无法连接或本地扫描,覆盖率会下降。 |
| 云 API | 用最少部署基础设施摄取态势、VM、运行时和资产数据。 | AWS、Azure、GCP 只读 API 连接。 | 权限缺口或 API 漂移会削弱可见度和新鲜度。 |
| 仓库 + 镜像元数据 | 把容器发现项连回代码负责人和运行时资产。 | 仓库访问权限,加包与镜像元数据。 | 断开的仓库连接会破坏端到端血缘和优先级排序。 |
| Zen 应用内运行时 | 观察请求到 sink 的行为,并可选择在运行时拦截。 | 嵌入客户应用的特定语言库。 | 性能、框架覆盖和推广纪律会变得重要。 |
| Opengrep + Aikido 控制平面 | 执行规则、关联发现项、分诊、AutoFix,并管理仪表盘。 | 开源引擎,加 Aikido 编排和集成。 | OSS 维护和编排质量是关键依赖。 |
| AI + 报告 / 导出界面 | 生成修复、OpenAPI 规格、自定义规则、摘要和合规工件。 | 模型推理,加留存扫描上下文和报告模板。 | 准确性、治理和数据边界细节需要尽调。 |
理解 Aikido 架构,最好把它看成叠在外部源代码、云、仓库、运行时和 OSS 输入之上的控制平面。这带来灵活性和工作流适配,也引入生态依赖。
[CE007, CE008, CE010, CE012, CE013, CE015]Aikido 如何从客户遥测接入,走到优先级排序后的发现、修复和治理输出。
[CE006, CE007, CE008, CE011, CE012, CE013]5.3 运行时、开源资产与路线图速度
Aikido 的公开 GitHub 表面对产品故事格外重要,因为它说明公司交付的不只是打磨过的落地页。AikidoSec 组织托管数十个代码仓库, Safe Chain 和多语言 Zen 运行时作为具体证据,证明公司投资开发者工具,而不只是集中式仪表盘。 Opengrep 又给 Aikido 增加了一个开放静态分析引擎和联盟背书的治理叙事。合在一起, 这些资产让 Aikido 更像一个带有可扩展技术构件的工作流平台,而不是纯封闭盒扫描器厂商。 但路线图速度正越来越由进攻性测试和自主修复来定义。独立 2026 年报道和 Aikido 自身材料都显示,公司战略性推进 AI 渗透测试和 Infinite 发布闭环概念; Allseek 与 Haicker 收购以及新一轮 Series B 融资进一步强化了这一点。这个方向有前景,也与技术栈其余部分战略一致, 因为 Zen、OpenAPI 生成和扫描上下文都能喂给更丰富的漏洞利用验证工作流。但它也是公开产品叙事中最不成熟的一块。 核心代码和云模块看起来已经建立;自我安全软件主张仍需要更多独立基准测试和部署证据。[CE015, CE016, CE017, CE018, CE019, CE020]
| 日期 / 阶段 | 功能 / 里程碑 | 状态 | 影响 | 来源 |
|---|---|---|---|---|
| 当前 | 代码到云扫描套件 | 已成型 | 核心覆盖面和工作流集成看起来已足够成熟,可支撑主流中小企业和企业采用。 | 官方产品页 + 文档 |
| 当前 | Zen OSS 运行时 + GitHub Marketplace | 已成型 / 扩张中 | 开发者原生分发和多语言运行时覆盖,强化了采用闭环。 | GitHub 组织、运行时仓库、Marketplace |
| 当前 | 报告 / SBOM / 合规输出 | 已成型 | 安全输出已经打包给审计和客户举证使用,不只是工程师队列里的工单。 | 报告文档 + SBOM 用例 |
| 2025 | Allseek + Haicker 收购 | 已整合 / 路线图加速器 | 释放出用 M&A 加速自动化渗透测试和 AI 研究的信号。 | Security Systems News |
| 2026-01 | Series B 轮,用于扩展 AI 渗透测试 | 已获融资支持的战略重点 | 新资金明确投向攻击性测试和自主修复,说明二者是核心路线图。 | BankInfoSecurity |
| 2026-02 | Aikido Infinite 发布 | 新推出 / 早期 | 如果可靠性跑通,“自我安全”的发布闭环叙事可能形成差异化。 | Help Net Security + Manila Times 报道 |
| 当前 / 路线图 | FedRAMP 落地 | 进行中 | 可能打开受监管市场入口,但尽调上还不是已闭环事项。 | 信任中心 |
本表刻意区分已成型的核心模块和更依赖路线图的新领域。最尖锐的产品风险不是覆盖面,而是最新渗透测试叙事已有多少在生产账户里被证明可重复。
[CE018, CE029, CE035, CE036, CE037, CE039]Aikido 平台依赖外部生态,也依赖少数高杠杆 OSS 和运行时资产。
[CE015, CE016, CE040, CE041, CE042, CE043]5.4 信任控制、报告与剩余风险
公开信任材料足以支撑企业相关性,但不足以关闭每个尽调问题。Aikido 称自己符合 ISO 27001:2022 和 SOC 2 Type II, 每年运行渗透测试和漏洞赏金,默认使用只读访问,分析后不存储客户代码,并把 AI 处理限制在推理、不用客户数据训练。 文档还显示,报告是一等输出面,而不是事后补丁:安全审计、趋势、运行时 / 框架、SLA、团队对比、恶意软件、SBOM、VEX 和合规式输出都已产品化。 对许多买家来说,工作流覆盖和信任叙事的组合会很有吸引力。 剩余风险集中在深度,而不是广度。评论仍暴露 API 和报告限制、部分包装摩擦,以及偶发误报。信任中心围绕 FedRAMP 的表述仍是进行中, 而非已经达成。Zen 的遥测边界、大规模运行时性能,以及 Infinite 的基准测试方法论,都还没有披露到高度受监管买家或战略收购方想看的深度。 实际承保结论是:Aikido 的核心平台看起来足够成熟,工作流契合度异常强;但较新的进攻性测试和企业信任主张, 仍应通过一手材料尽调,而不能照单全收。[CE025, CE026, CE027, CE028, CE029, CE030]
| 控制 / 指标 | 状态 | 范围 | 缺口 |
|---|---|---|---|
| ISO 27001:2022 | 声称当前有效 | 公司范围 ISMS 和企业信任姿态。 | 尽调室需要证书范围和监督审核细节。 |
| SOC 2 Type II | 声称当前有效 | SaaS 服务交付的运营控制。 | 需要报告期、排除项和子服务清单。 |
| GDPR + 隐私姿态 | 声称当前有效 | 仅推理 AI,不用客户数据训练模型,分析后不保留客户代码。 | 需要 DPA、子处理方和 Zen / 自托管模式的遥测数据架构。 |
| 只读 / 最小权限上手 | 有文档 | 代码库和云集成,加受限环境的本地部署选项。 | 需要按提供商和部署模式给出精确权限矩阵。 |
| 年度渗透测试 + 漏洞赏金 | 已记录 | 外部测试和漏洞披露闭环。 | 需要补齐修复 SLA 和近期发现摘要。 |
| FedRAMP | 正在推进 | 面向公共部门的就绪度叙事。 | 尚未有证据显示已取得认证或授权范围。 |
公开信任材料比典型创业公司的安全营销更细,但还没到高度监管买家想看的深层一手证据。
[CE025, CE026, CE027, CE028, CE029, CE043]方向性地图,显示 Aikido 当前看起来最强的地方,以及尽调风险仍集中在哪里。
[CE029, CE031, CE032, CE033, CE039, CE043]06客户情况
6.1 客户细分组合,以及谁付款、谁使用、谁受益
Aikido 的可见客户不是随机标识。公开客户面横跨创业公司、成长型公司、企业和多公司铺开场景, 但压倒性地由软件驱动、工程团队拥有。客户故事中被引用的人是 CTO、CISO、VP Engineering、平台负责人、DevSecOps 工程师、安全工程师和开发者, 而不是采购官。这一点重要,因为它说明产品在买方想要统一工作流工具、且开发者真的会用的地方胜出。 客户故事索引明确覆盖 Startup、Scaleup 和 Enterprise,抓取到的故事则覆盖 HealthTech、HRTech、LegalTech、HospitalityTech、 SecurityTech、制造、教育和组合场景。公开企业计划支持 2,000 个代码仓库、1,000 个容器、 100 个云账户和 500 名用户,并提供多租户和本地部署选项,也支撑了企业适配。需要注意的是分母纪律: Aikido 公开表述会在组织、开发者和团队之间切换,所以广度明显,但确切客户组合并不清楚。[CU001, CU004, CU005, CU006, CU007, CU008]
| 客群 | 买方 / 用户 / 付款方 | 用例 | 规模 | 收入 / 战略价值 | 缺口 |
|---|---|---|---|---|---|
| 创业公司和小型自助式工程团队 | 创始人或 CTO 是买方;开发者或平台团队是用户;轻量工程预算付款 | 快速扫描代码、云和依赖,低摩擦上手,并有免费层入口 | 客户案例页包含 Startup 客群;G2 免费层评价强调设置直接 | 为未来付费扩张提供宽入口,尤其适合开发者主导落地 | 公开来源未披露免费转付费转化率或 SMB ACV |
| 成长期 SaaS 和受监管数字运营商 | CTO、工程副总裁、DevSecOps 和平台负责人是买方;开发者是日常用户;产品或工程预算负责人付款 | 噪音降低、CI/CD 集成、合规报告和更快修复 | Oviva、Birdie、Simployer、Jurimesh、Pathful 和 HeyJobs 是具名证明 | 可能是核心经常性客群,因为安全和交付速度都直接关系业务 | 分客群 ARR 和续约数据未公开 |
| 企业软件和平台团队 | CISO 或安全平台负责人是买方;工程经理和开发者是用户;集中安全预算付款 | 统一多仓库、多团队的 AppSec 栈、工作流路由和风险可见性 | AutoStore、Render、Human Security、Prove、Supermetrics 和 n8n 显示企业级使用 | 工作流嵌入带来更高 ACV 和更强扩张潜力 | 多数证据是供应商筛选和撰写的案例,而非独立队列披露 |
| 投资组合和多公司运营方 | 集中安全职能是买方;组合公司工程师是用户;集团平台预算付款 | 在多实体间标准化扫描和报告,并获得可预测的治理和定价 | Visma 覆盖 200+ 家组合公司和 6,000 名开发者;Aikido 早期披露称覆盖 175+ 家 Visma 公司 | 战略价值很高,因为一单可带动多实体采用 | 公开证明集中在一个旗舰案例,未披露 ARR 集中度 |
| 受监管或交易密集型买方 | 安全和平台领导层是买方;工程团队是用户;合规或治理预算支持 | 审计就绪、GDPR 或 ISO 支持、证据生成,以及更快风险修复 | 抓取到的案例反复出现医疗、HR、法律、教育、酒店或支付场景 | 安全态势直接影响销售和信任,因此是尽调驱动扩张的强切口 | 本轮直接公共部门 logo 证明仍然偏薄 |
| 有敏感部署需求的大型企业 | 安全、合规和平台采购是买方;分布式工程团队是用户;企业 IT 付款 | 本地扫描、多租户治理、定制 SLA 和可直接给利益相关方看的报告 | 官方企业版和定价页面描述了这些选项,以及较高的仓库和云资产上限 | 支撑公司从纯开发者自助向高端市场上探 | 公开材料未披露附加率,也未说明企业服务多久促成交易 |
客群按买方和工作流形态分组,而不是按未披露的 ARR 切分。战略价值反映的是公开证据质量和扩张逻辑,不代表私下收入结构。
[CU005, CU006, CU007, CU008, CU009, CU011]6.2 采用轨迹与分母纪律
公开采用轨迹很强,但也很乱。2024 年 5 月公司帖子称,Aikido 发布一年内已有超过 3,000 家组织和 6,000 名个人开发者; TechCrunch 也在同一轮融资前后独立报道约 3,000 家中小客户。到 2026 年 1 月,Aikido 和多家新闻媒体称产品被超过 100,000 个团队使用, 客户基数在此前一年增加逾三倍。这些都是强增长信号,但团队不是付费组织,任何一个口径也无法说明席位数、ARR 构成或免费与付费分布。 轨迹中更能承保的部分来自部署表面:Visma 覆盖 200+ 家投资组合公司和 6,000 名开发者,Oviva 在数周内覆盖 75+ 名开发者和 200+ 个代码仓库, AutoStore 覆盖约 100 个代码仓库和 100 名开发者,HeyJobs 覆盖 95 个代码仓库加 31 个注册表和 9 个云, Render 覆盖约 30 个代码仓库和 50 名开发者。结论很清楚:采用真实存在,但分母漂移仍未解决。[CU001, CU002, CU003, CU004, CU011, CU012]
| 指标 | 值 | 日期 | 来源 | 置信度 | 影响 | 缺失分母 |
|---|---|---|---|---|---|---|
| 历史采用披露 | 3,000 个组织;6,000 名个人开发者 | 2024-05-02 | Aikido Series A 轮博文 | 中 | 显示发布一年内就获得快速早期自助式和中小企业牵引 | 未披露付费与免费结构、席位数或分客群收入拆分 |
| 独立历史佐证 | 3,000 家中小客户 | 2024-05-01 | TechCrunch | 高 | 大体证实 2024 年客户基础已具规模 | 这里的客户指组织,不是团队或开发者 |
| 当前覆盖面披露 | 100,000+ 个团队 | 2026-01-14 | Aikido Series B 轮文章,加上 Yahoo、Tech.eu、SiliconANGLE | 中 | 当前覆盖面信号强,增长动能清晰 | 团队不等于付费组织或唯一客户 |
| 客户增长率 | 较上一年增长超过三倍 | 2026-01-14 | 多家媒体转述 Aikido Series B 轮叙事 | 中 | 表明进入 2026 年客户获取速度很快 | 未披露绝对期初和期末数量 |
| Visma 推广规模 | 200+ 家组合公司;6,000 名开发者 | 抓取时为当前数据 | Visma 案例 / 客户案例索引 | 高 | 显示异常强的多实体采用 | 未披露每家组合公司的合同金额或付费席位数 |
| Oviva 推广规模 | 数周内接入 75+ 名开发者;200+ 个仓库 | 抓取时为当前数据 | Oviva 案例 | 中 | 显示可在受监管健康科技环境中低摩擦规模化部署 | 未披露合同金额、续约或产品模块拆分 |
| AutoStore 推广规模 | 几周内接入 100 个仓库;100 名开发者 | 抓取时为当前数据 | AutoStore 案例 | 中 | 支持企业推广的可行性,且实施投入很轻 | 未披露支出、续约或各团队使用深度 |
| HeyJobs 覆盖足迹 | 95 个仓库;31 个容器注册表;9 个云环境 | 抓取时为当前数据 | HeyJobs 案例 | 中 | 显示技术覆盖面很宽,不止少数仓库 | 未披露用户席位或合同金额 |
| 内部上手证明 | 45 分钟培训后完成 150+ 名开发者上手 | 抓取时为当前数据 | 客户页面 | 中 | 支持在较大工程组织内快速上手和采用 | 摘要页未披露客户身份和付款状态 |
| Render 运营足迹 | 大约 50 名开发者;约 30 个活跃仓库 | 抓取时为当前数据 | Render 案例 | 中 | 在超大规模和组合案例之外,补充了中型企业运营证据 | 未披露账户规模或续约历史 |
各行刻意把组织、团队、开发者、仓库和云资产分开。公开披露显示增长强、部署覆盖广,但仍没有一个干净的付费客户分母。
[CU001, CU002, CU003, CU004, CU011, CU012]6.3 具名客户证明与可衡量结果
具名客户证明是本章最强的证据集,因为 Aikido 发布的不只是标识墙。多个故事暴露了运营数字或具体结果。 n8n 报告噪声降低 92%,并为 21 天高危发现建立结构化 SLA 流程。Supermetrics 报告噪声降低 75%。 Pathful 称总问题数两周内下降 60%。Petrosea 称最快修复发生在检测后五秒,合规报告时间至少下降 80%。 Birdie 报告问题可在 30 秒内修复,Simployer 则称开发者现在能在一分钟内修复问题。Visma、Oviva、AutoStore、Render 和 HeyJobs 补上规模层: 数千名开发者或数百个代码仓库,而不是单一沙盒部署。即便 Smartendr 的 AI 渗透测试故事也有用, 因为它展示了 Aikido 在尽调和审计语境下的使用,包含 54 个已验证发现和自动复测。限制在于,几乎所有这些证明都由 Aikido 撰写, 因此更能承保产品有用性,而不是续约耐久性。[CU011, CU013, CU014, CU015, CU016, CU017]
| 客户 | 客群 | 部署 / 用例 | 生产环境 / 试点 | 结果 | 局限 |
|---|---|---|---|---|---|
| Visma | 软件集团 / 投资组合推广 | 统一 SCA 和 SAST,并在组合公司间推进更广泛的 AppSec 标准化 | 生产环境 | 推广覆盖 200+ 家组合公司和 6,000 名开发者;强调可预测定价和低摩擦上手 | 公开证明未披露合同规模、付费席位深度或续约节奏 |
| Oviva | 健康科技成长期公司 | 在仓库和开发者工作流中持续跑 AppSec 和合规报告 | 生产环境 | 数周内接入 75+ 名开发者和 200+ 个仓库 | 除采用速度外,未公开价格、合同期限或结果指标 |
| AutoStore | 全球自动化 / 企业软件 | 面向多样化代码库,在 GitHub、GitLab 和 Azure DevOps 上统一 AppSec | 生产环境 | 一名工程师在几周内推广到约 100 个仓库和 100 名开发者 | 结果证明最强的是部署效率,而不是留存或成本节省 |
| HeyJobs | 招聘平台 / 成长期 SaaS | 统一代码、容器和云信号,并让优先级更清晰 | 生产环境 | 接入 95 个仓库、31 个容器注册表和 9 个云环境;据称爆炸半径显著缩小 | 未量化 ARR、续约或明确席位数 |
| n8n | 开发者工具 / 工作流自动化 | 通过 SLA、团队路由和开源安全可见性,建立集中漏洞流程 | 生产环境 | 噪音降低 92%,更能满足 21 天高危漏洞期限 | 噪音降低来自公司引用,未经独立审计 |
| Simployer | 人力科技 / 合规敏感型 SaaS | 安全嵌入各团队和 CI/CD,并提供自动修复 | 生产环境 | 开发者现在不到一分钟就能修漏洞,安全像日常工作一样处理 | 没有仓库、用户或支出等部署规模指标 |
| Birdie | 健康科技 / 居家护理平台 | 合规自动化、自动修复和开发者友好的漏洞管理 | 生产环境 | 借助点击合并工作流,问题可在约 30 秒内解决 | 快速修复指标来自客户引用,未绑定更大样本量或留存数据 |
| Petrosea | 采矿 / 工业技术 | 为 20 人工程团队统一代码、云和合规工作流 | 生产环境 | 检出后最快 5 秒修复,合规报告耗时至少下降 80% | 公开证据是一篇客户案例,没有合同或续约细节 |
| Pathful | 教育 SaaS | 面向学生数据工作流的低噪音漏洞管理和合规支持 | 生产环境 | 两周内问题总数下降 60%,实习生也能快速修复 | 时间窗口短;没有长期留存或预算数据 |
| Smartendr | 酒店 / 支付软件 | 在应用和集成中进行 AI 渗透测试和持续风险验证 | 生产环境 | 54 项已验证发现,支持自动复测和合作伙伴可用报告 | 重点是渗透测试价值,而不是核心席位扩张经济性 |
这是截至本次运行日期可公开检索的 Aikido 具名参考的部分列举。它能强力证明真实部署,但不是完整客户名单,也不是续约普查。
[CU011, CU013, CU014, CU015, CU016, CU017]对 Aikido 具名客户引用的证据质量视图,按规模可见度、结果具体度和留存可见度评估。
证据质量衡量公开叙事有多具体、量化到什么程度。留存可见度整体偏低,因为这些参考来源都没有披露续约或队列行为。
[CU011, CU013, CU014, CU015, CU016, CU017]6.4 满意度代理指标与耐久性缺口
耐久性是公开记录的弱点。独立评论渠道方向性正面:G2 在 139 条评论中显示 4.6/5,TrustRadius 在 2 条评论中显示 8.1/10, FeaturedCustomers 列出 46 条评论和推荐语、35 个案例研究和 5 个视频,SourceForge 则列出 6 条用户评论且评分为 5.0/5。 这些是真实信号,说明用户喜欢产品,也说明作为年轻安全厂商,公开推荐密度值得尊重。但反向解读同样重要。 G2 摘要称,对较小企业来说价格可能显得偏高;个别评论要求更深的定制、更好的大型企业报告,以及更便宜的渗透测试定价。 更重要的是,抓取到的公开来源都没有披露当前精确付费组织、NRR、GRR、总流失、客户标识流失、合同期限或头部客户集中度。 重复使用代理指标存在——n8n 每周至少检查信息流五次,Render 把定期报告嵌入运营,Jurimesh 把连续证据推入 Vanta—— 但它们仍是代理指标,不是可审计的留存指标。[CU031, CU032, CU033, CU034, CU035, CU036]
| 指标 | 值 / 空值 | 客群 | 置信度 | 尽调问题 |
|---|---|---|---|---|
| 当前付费组织精确数 | 全部客户 | 未公开披露 | 要求提供活跃付费组织精确数,并按 SMB、成长期、企业和投资组合推广拆分 | |
| 当前公开覆盖面口径 | 100,000+ 个团队 | 所有可见团队 | 低-中 — 公司和新闻均重复该口径,但分母是团队 | 将团队数对齐到唯一付费组织和席位 |
| 历史组织里程碑 | 3,000 个组织;6,000 名开发者 | 2024 年存量基础 | 中 — 官方披露加 TechCrunch 佐证 | 把 2024 年组织和开发者口径桥接到今天的团队数和付费客户数 |
| 客户增长率 | 较上一年增长超过三倍 | 全部客户 | 低-中 — 公司声称,媒体转述 | 提供实际期初 / 期末数量、付费与免费结构和队列年份 |
| G2 评分 | 139 条评价给出 4.6 / 5 | 广泛买方和用户样本 | 中 — 独立评价平台 | 要求按免费层用户、付费用户和企业账户拆分评分 |
| TrustRadius 评分 | 2 条评价给出 8.1 / 10 | 公开评价样本 | 低-中 — 独立但样本很小 | 获取更大的已验证评价和参考客户集 |
| 目录式评价代理指标 | 6 条 SourceForge 评价给出 5.0 / 5 | 软件目录受众 | 低 — 只能作方向性信号 | 不要把目录评分当作留存指标;改问续约队列 |
| 重复使用代理指标 | n8n 称主信息流每周至少查看五次 | 活跃客户工作流用户 | 低 | 要求按角色提供 WAU 和 MAU,以及自动化触发量 |
| 合规工作流代理指标 | Jurimesh 和 Render 描述持续证据或定期报告工作流 | 合规敏感账户 | 低-中 | 要求提供报告生成频率和席位级参与指标 |
| NRR / GRR / 流失 / 合同期限 | 全部客户 | 未公开披露 | 要求提供 NRR、GRR、logo 流失、合同期限分布和头部客户集中度 |
留存证据主要依赖代理指标。评价平台显示满意度,工作流嵌入说明存在规律使用,但公开记录仍缺投资级耐久性指标。
[CU002, CU003, CU021, CU023, CU024, CU031]健康安全 SaaS 队列的示意性基准留存曲线。Aikido 未披露实际客户队列留存或续约百分比。
该图只是基准代理。Aikido 公开材料未披露 NRR、GRR、Logo 流失率或实际队列百分比,因此图表展示的是尽调缺口,而不是公司披露的业绩。
[CU037, CU038, CU039, CU042]6.5 扩张循环与集中度风险
即便没有留存披露,扩张故事也有说服力。公开证明反复显示 Aikido 在替换分散工具栈:Prove 把六个 AppSec 工具压缩成一个平台; Go Autonomous 在 1,000+ 漏洞积压后从 Snyk 切换;Render 整合 DAST 和 SAST;HeyJobs 替换依赖和告警工具拼盘; Visma 强调可预测定价和组合式铺开。与 GitHub、GitLab、Azure DevOps、CI/CD、Slack、Jira、Linear、PagerDuty 和 Vanta 的集成, 让产品成为日常工作的一部分,这是最清晰可见的粘性向量。企业功能——多租户门户、本地部署、安全报告,以及更高的代码仓库 / 容器 / 云账户上限—— 支撑高端市场扩张。核心风险是,公开客户集合仍经过筛选且偏软件。Aikido 显然拥有真实客户;公开材料没有说明的是, 最大账户里沉淀了多少 ARR,使用中有多少免费、多少付费,扩张是广泛发生,还是集中在少数大型工程组织。[CU025, CU026, CU027, CU028, CU029, CU040]
| 项目 | 类型 | 影响 | 尽调路径 |
|---|---|---|---|
| 工具整合 | 扩张驱动因素 | 高度正向 — 多个客户用一个平台替换碎片化工具栈,或把 DAST、SAST、云和合规工作流合并 | 要求提供模块附加率,以及与单点工具对比的赢单 / 输单数据 |
| 工作流集成 | 扩张驱动因素 | 高度正向 — GitHub、GitLab、Azure DevOps、CI/CD、Slack、Jira、Linear、PagerDuty 和 Vanta 把 Aikido 嵌进日常工作 | 要求提供每个客户的活跃集成数量,以及席位级每周参与度 |
| 组合公司推广动作 | 扩张驱动因素 | 高度正向 — Visma 说明,拿下一个总部侧客户,就能打开多个组合公司部署 | 要求提供多实体 ARR 集中度,以及从试点转为组合公司标准的转化率 |
| 企业级功能 | 扩张驱动因素 | 中-高正向 — 多租户、本地部署、安全报告,以及更高的代码库或云资源上限,支撑上探大客户 | 要求提供企业服务附加率及其毛利率结构 |
| 合规驱动采购 | 扩张驱动因素 | 中-高正向 — 审计报告、Vanta 集成和受监管买方证明,在敏感垂直行业形成销售杠杆 | 要求提供按垂直行业拆分的合规驱动成交率和扩张 |
| SMB 价格敏感度 | 集中风险 | 中-高负向 — G2 评论和评测摘要显示,小企业可能觉得定价偏贵,渗透测试定价也可能偏高 | 要求提供 SMB 流失率、免费转付费转化率,以及按客户规模拆分的折扣情况 |
| 经筛选的公开证据 | 集中风险 | 高度负向 — 具体证据大多来自 Aikido 自写案例研究,独立留存证据仍然稀薄 | 要求提供访谈客户名单、续约队列,以及按细分市场拆分的第三方满意度 |
| 客户集中度不透明 | 集中风险 | 高度负向 — 公开材料披露团队数和增长说法,但没有给出确切付费组织、头部客户结构、NRR 或流失率 | 要求提供前 10 大客户 ARR、总留存率、净留存率和合同到期日历 |
乐观情景讲的是工作流扩张和整合。风险在于,公开材料始终没有把这个故事转化为客户经济性披露。
[CU025, CU026, CU027, CU028, CU029, CU035]开发者主导的买方如何从噪音或合规痛点,进入试点、上线、重复使用工作流,并在 Aikido 上扩张。
这张旅程图根据抓取的客户故事、定价页面和评论页面重建。Aikido 不公布阶段转化率或平均销售周期。
[CU025, CU026, CU027, CU028, CU029, CU040]从安全痛点到试点、上线、常规使用和扩张的定性流程。Aikido 不公布分阶段转化数量。
这是序列图,不是实测数字漏斗。公开来源更能揭示顺序和摩擦点,而不是实际转化率。
[CU019, CU020, CU025, CU026, CU028, CU029]6.6 图表
07风险
7.1 监管、隐私与采购风险
Aikido 的主要法律风险不是明显的活跃诉讼或监管行动,而是公开材料已经证明的内容与受监管买家可能要求之间的缺口。 公司的公开法律披露面可信但不完整:隐私政策明确以 GDPR 为基准,条款识别出一个比利时法律实体,信任中心和合规文档也显示公司认真包装安全审查所需证据。 但同一批留存材料也显示了边界。公开网站条款并未针对 HIPAA、FISMA 或 GLBA 互动定制,本次审阅的材料本身也没有浮现客户 DPA、 子处理方登记册或详细事件承诺。这并不意味着这些材料私下不存在;它意味着,仅靠公开法律披露面还不足以承保受监管企业扩张情景。 时间风险正在上升,因为 Aikido 不再只是销售泛化 AppSec。其文档明确营销 NIS2、DORA、GDPR 和其他框架的合规页面, SCA 营销现在也把 SBOM 输出绑定到 CRA 就绪。这种定位可以加速销售,但也让产品和信任团队必须对审计级映射负责, 而不只是提供好的 UX。如果 Aikido 无法在客户尽调中支撑这些映射,采购周期可能拉长,受监管机会可能停滞, 客户信任也可能恰好在公司试图上移市场的位置破裂。[CR004, CR005, CR006, CR007, CR009, CR010]
| 规则 / 许可 / 案件 | 司法辖区 | 状态 | 可能性 | 严重性 | 缓释措施 | 剩余暴露 | 尽调路径 |
|---|---|---|---|---|---|---|---|
| Cyber Resilience Act / 安全内建生命周期负担 | EU 软件市场 | 已生效;Aikido 对外销售与 CRA 相关、可用于合规的 SBOM 输出 | 高 | 高 | SBOM 工具、SCA、信任中心控制项、合规页面 | 如果扫描器覆盖或映射滞后,营销说法可能跑在审计级证据前面 | 审查 CRA 控制项映射、SBOM 完整性,以及客户审计例外 |
| NIS2 保障负担 | EU 基本和重要实体 | NIS2 覆盖范围和报告义务正在扩大,Aikido 同时销售 NIS2 报告能力 | 高 | 高 | NIS2 专用报告页面和企业支持打包 | 如果输出经不起安全评审审查,采购会受阻 | 查看近期 NIS2 买方问卷、赢单 / 输单记录和证据包 |
| DORA / 金融行业 ICT 第三方监督 | EU 金融服务 | 金融机构面对韧性和第三方监督义务;Aikido 对外销售 DORA 报告能力 | 中-高 | 高 | DORA 报告页面、企业支持、自定义 SLA、隐私计划 | 进入金融客户可能需要比公开网站更完整的第三方风险材料包 | 要求提供 DPA、子处理方清单、事件通知条款和金融行业参考客户 |
| GDPR 和处理方治理负担 | EU 及跨境运营 | 隐私政策以 GDPR 为基准,数据会与服务支持方共享 | 中-高 | 高 | 隐私负责人、以 GDPR 为中心的计划、不出售声明 | 公开材料仍未讲清传输、处理方和子处理方深度 | 要求提供数据地图、传输机制、留存日程和处理方登记册 |
| 公开法律材料包完整性 | 企业采购 | 公开材料包主要包括信任中心、隐私政策、条款和登记信号 | 中 | 中-高 | 清晰的实体披露和可见信任内容 | 买方法务可能仍需要未公开的合同材料 | 调取当前 MSA、安全附录、DPA 模板和外部律师争议摘要 |
按剩余严重性排序。没有公开执法材料包,不应解读为企业尽调问题不存在。
[CR007, CR009, CR010, CR011, CR012, CR013]7.2 平台与依赖风险
Aikido 的产品有意把摩擦做低:基于 API,默认只读,并且紧密接入源代码管理、云、CI 和工作流工具。商业上这很有吸引力,因为部署痛点少,客户也能更快拿到价值,但它同时把依赖关系集中到几类外部平台上。 GitHub 状态决定接入和访问同步;云权限决定 CSPM 可见度;PR 门禁依赖上游 SCM 钩子;SCA 能力又部分依赖 NVD、GitHub Advisory 等第三方情报源。公司说自己「无代理」、几分钟即可上线,本质上也在说:外部平台是控制平面的重要组成部分。 缓释因素确实存在。信任中心材料强调临时代码处理、默认只读权限,以及面向隐私敏感环境的本地扫描选项。Zen Firewall 增加运行时防护和广泛语言支持,PR 门禁加上 CI / API 路径,也给客户提供了不止一种工作流选择。但这一运营模式会把合作伙伴风险直接导入产品可靠性。权限变更、API 速率限制或数据源质量问题,都可能在 Aikido 自己还没发一行代码前就削弱覆盖。本地扫描路径也有明确取舍:隐私敏感买家可以把代码留在本地,但公开文档说这些账号拿不到 UI AutoFix,这意味着产品最醒目的生产力主张之一,不能无缝覆盖每一种部署模式。[CR001, CR002, CR003, CR015, CR016, CR017]
| 故障模式 | 可能性 | 严重性 | 缓释成熟度 | 剩余暴露 | 未解决缺口 |
|---|---|---|---|---|---|
| 核心集成的 API 或权限漂移降低扫描覆盖或接入速度 | 高 | 高 | 中 — 只读设计、多平台文档和本地扫描选项有帮助 | 高 | 没有公开的依赖 SLA、错误预算或限流历史 |
| 横跨代码库、云、容器、域名、运行时和合规界面,带来质量控制负担 | 中-高 | 高 | 中 — PR 门禁、客户工作流集成和广泛文档已经存在 | 中-高 | 没有公开的精确率 / 召回率或漏出缺陷数据集来验证广度叙事 |
| 面对隐私敏感买方,托管与本地部署的效果可能不一致 | 中 | 中-高 | 中 — 已有本地部署和本地扫描 | 中-高 | Local Scan 账户缺少 UI AutoFix,公开材料也没有一致性指标 |
| 运行时保护采用滞后,因为代码嵌入和语言支持仍有选择性 | 中 | 中-高 | 中 — Zen Firewall 覆盖主要语言,并有 Go 测试版路径 | 中 | 公开材料没有披露采用率、附加率和拦截质量数据 |
| 公开韧性透明度太浅,无法验证网站正常运行时间之外的更大平台 | 中 | 中 | 低-中 — 可见状态页和信任中心表述已经存在 | 中 | 公开只能看到网站组件;更深层服务历史仍为私有 |
剩余暴露仍偏高,因为公开材料更能证明控制项和产品界面,无法同等证明真实可靠性和部署一致性结果。
[CR001, CR002, CR003, CR008, CR015, CR017]| 依赖项 | 对手方 | 角色 | 集中度 | 故障场景 | 严重性 | 缓释措施 | 剩余暴露 |
|---|---|---|---|---|---|---|---|
| SCM 集成和组织同步 | 代码平台:GitHub、GitLab、Bitbucket、Azure DevOps | 接入、PR 门禁、代码库可见性、访问同步 | 高 | 权限变更、API 漂移或集成中断会制造盲区并增加客户摩擦 | 高 | CLI 和 API 替代路径加上本地扫描,可以降低但不能消除依赖 | 高 |
| 云账户连接 | AWS、Azure、GCP | CSPM、云可见性、组织级覆盖 | 中-高 | 角色变更或接入摩擦会明显降低云安全覆盖 | 高 | 多云支持和区域或组织文档让路径略有分散 | 中-高 |
| 漏洞情报源 | NVD、GitHub Advisory 和 10+ 个外部情报源 | 依赖项和恶意软件情报 | 中-高 | 情报源延迟、质量问题或数据结构变更会削弱 SCA 信任和优先级排序 | 高 | Aikido 交叉引用多个情报源,而不是依赖单一来源 | 中-高 |
| 工作流连接器 | Jira 和 Slack | 路由、工单创建和告警可见性 | 中 | 工作流断裂会拖慢修复,也让价值兑现更不明显 | 中 | 集成是可选项,可以手工绕过 | 中 |
| 客户授予访问权限和配合部署 | 客户管理员和安全团队 | 授予组织、云和工作流权限范围,让平台发挥作用 | 高 | 安全、隐私或法律异议会拖慢推广,或限制可用覆盖 | 高 | 只读默认、本地扫描和本地部署选项可以部分抵消异议 | 中-高 |
依赖图是产品结构性的,不是偶然项:Aikido 的速度主张部分取决于它能否干净摄取足够多第三方状态。
[CR002, CR003, CR016, CR018, CR019, CR020]产品更依赖少数外部控制面,而不是物理基础设施。
依赖按功能控制点排列,不按已披露收入集中度排列。
[CR016, CR020, CR022, CR023, CR026, CR040]7.3 市场契合度与运营执行风险
官方和独立客户记录方向上偏正面,但仍留下执行风险。官方客户证据显示,客户从一长串既有单点工具迁移而来,并反复强调降噪、快速接入 和快速修复。定价页引用甚至称,Aikido 在 2025 年 NPM 供应链攻击期间响应很快,这正是企业买家想听到的行为。但独立证据比官方叙事薄。Capterra 的评论数量仍少,PeerSpot 明确把产品指向 10–500 名开发者的非企业 SaaS 团队,TrustRadius 也出现评论者要求基于代理 的基础设施报告,而 Aikido 目前并不提供。 这组信号重要,因为 Aikido 试图把 SAST、SCA、IaC、恶意软件、云、合规和运行时等多个类别压缩进一个带明确取向的工作流。如果产品对大型或高度定制环境来说太浅,帮助 SMB 和中端市场采用的同一广度,就会变成企业深度上的反对理由。公开状态页在这里提供的安慰有限,因为它目前展示的是网站可用时间视图,而不是覆盖整个平台的更细组件地图。因此,剩余风险不是客户会直接否定开发者优先逻辑;而是 Aikido 最有吸引力的主张,最容易在行动快的工程团队中证明,最难在最慢、监管最重的采购场景里证明。[CR008, CR027, CR028, CR029, CR030, CR031]
| 角色 / 职能 | 依赖或缺口 | 可能性 | 严重性 | 缓释措施 | 尽调路径 |
|---|---|---|---|---|---|
| 合规与信任负责人 | 产品扩张时,必须让隐私、保障和框架映射保持审计就绪 | 中-高 | 高 | 信任中心、隐私负责人、公开保障说法和合规报告界面 | 要求提供负责人名单、审计节奏、证据刷新流程和框架变更待办清单 |
| 集成与平台工程 | 核心 UX 依赖 SCM、云、工单和 CI 集成保持健康 | 高 | 高 | 广泛文档覆盖,以及 CLI 或 API 替代路径 | 检查集成事件日志、限流历史和头部合作伙伴升级联系人 |
| 安全研究和信号质量负责人 | 降噪和优先级排序承诺取决于情报源质量、调优和响应速度 | 中-高 | 高 | 外部情报源、漏洞赏金、渗透测试,以及围绕事件响应的客户证据 | 要求按扫描家族提供精确率 / 召回率、漏出缺陷和重大事件复盘 |
| 企业支持与客户成功 | 自定义 SLA 和企业打包需要更深的支持纪律,不能只靠 PLG | 中 | 高 | 企业支持、培训、接入和多租户门户都是公开产品 | 审查支持人员配比、P1 和 P2 响应历史,以及大型客户续约参考 |
| 部署路径产品负责人 | 托管、本地扫描、本地部署、代理和运行时模式必须一起演进,不能割裂体验 | 中 | 中-高 | 公开的本地扫描、本地部署和运行时选项拓宽了工具箱 | 要求提供附加率、按部署模式拆分的赢单 / 输单,以及托管与本地一致性的路线图 |
公开材料显示哪些职能重要,但没有说明谁负责,也没有证明人员深度已经匹配产品界面广度。
[CR004, CR007, CR013, CR023, CR024, CR026]7.4 投资逻辑破裂触发因素与缓释措施
Aikido 的投资逻辑要成立,前提是公司守住 API 优先开发者产品的简单性,同时逐步满足更挑剔的企业和受监管客户要求。公开缓释证据还算充分:不存储代码的主张、默认只读、本地扫描、运行时防火墙选项、年度渗透测试、漏洞赏金覆盖、面向客户的合规报告,以及企业支持打包,都指向正确方向。但这些只是积木,不是公司已经完全跨入审计级、高监管软件保障的证明。最大的承销错误,是把覆盖面的广度误当成执行深度。 因此,投资逻辑破裂触发点需要盯住可观察的传导渠道。如果 Aikido 在被要求时拿不出更完整的隐私和合同材料,因本地部署买家无法匹配托管工作流能力而丢单,评论质量围绕定制化或基础设施遥测恶化,或在 API / 权限变化后出现合作伙伴驱动的盲点,下行会很快反映到签约质量和估值支撑上。反过来,如果公司开始拿下更多可引用的受监管客户,在供应链事件中维持强响应可信度,并缩小托管与本地的能力差,今天的大部分风险溢价都可能收缩。当前剩余判断为中高:可信缓释存在,但几个最难的尽调问题仍要靠私有证据,而不是公开证明来回答。[CR003, CR005, CR007, CR008, CR013, CR026]
| 风险 | 可监控触发项 | 阈值 / 事件 | 行动含义 |
|---|---|---|---|
| 受监管市场审计失手 | 安全评审或采购要求 DPA、子处理方或框架证据,而公开材料包无法支撑 | 两个或更多有意义的受监管交易因为 Aikido 无法快速提供审计级材料而停滞或降级 | 下调受监管客户扩张信心,把合规报告上行空间放进观察清单,而不是基准情景 |
| 平台依赖冲击 | GitHub、云或 CI 权限 / API 变更制造实质盲区或接入失败 | 一个主要集成降级超过一周,或需要更广权限而客户抵触 | 重新评估速度与覆盖逻辑,并下调采用假设 |
| 本地扫描或本地部署一致性缺口 | 隐私敏感部署无法达到托管工作流效果或 AutoFix 生产力 | 流失交易或参考客户投诉集中在托管与本地功能差异 | 限制本地部署上行空间,并把部署组合视为拖累毛利率和销售速度 |
| 企业深度缺口 | 评论或参考访谈反复要求更丰富的基础设施遥测、定制化或支持深度 | 代理、遥测或定制化投诉在多个季度内反复出现且未解决 | 下调企业成交率假设,并把估值转向中端市场经济性 |
| 信号质量恶化 | 降噪、优先级排序或修复质量明显变差 | 参考客户或评论渠道报告误报上升、漏报问题或修复质量偏弱 | 将核心产品护城河标记为受损,并压缩收入质量预期 |
| 事件后的透明度短板 | 状态界面仍然很浅,或公开中断后没有可信 RCA | 发生可见事件,却没有组件级披露或有说服力的修复叙事 | 显著提高尽调门槛,并在披露改善前折价管理层可信度 |
这些触发项围绕可观察事件设计,应出现在尽调、参考访谈、评论或未来公开材料中,而不是只靠直觉。
[CR008, CR026, CR029, CR035, CR039, CR040]剩余风险主要集中在合规可信度、平台依赖和企业级深度执行,而不是某一起足以致命的诉讼或宕机。
单元格是基于保留公开资料包综合得出的序数型投资人判断,不是实测概率或损失估计。
[CR007, CR008, CR013, CR016, CR026, CR039]Aikido 的风险主要沿着审计可信度、覆盖完整性、导入摩擦和企业信任传导。
传导图展示方向而非权重;多个风险可能同时打到同一个下游渠道。
[CR018, CR020, CR022, CR026, CR039, CR040]08估值
8.1 投资逻辑与反向逻辑
Aikido 的正向逻辑很直接。公司显然不是零牵引力故事:2026 年 1 月 Series B 把估值打到 $1 billion,管理层称平台服务全球 100,000+ 个团队,官方 Series B 文章和第三方报道都称收入增长 5x,客户基数在前一年增长超过 3 倍。产品逻辑也自洽。Aikido 把自己定位成统一的代码到云安全平台,早期 Series A 信息强调免费增值、自助、开发者驱动的打法。如果该模式真能把高产品广度、低摩擦接入,以及向企业和 AI 渗透测试工作流的高效扩张结合起来,Aikido 仍可能长进溢价估值。 反向逻辑比公开牛市叙事承认的更强。最好的公开 ARR 数据点来自 ARR Club,而不是管理层;这些数据暗示,$1 billion 估值建立在估计 40x–100x ARR 区间上。来自备案文件的证据显示,比利时实体到 FY2025 仍在亏损,而最重要的承销变量——合并收入、毛利率、NRR、烧钱速度、债务和清算优先权——仍不可得。换句话说,公开证据确认了增长和融资,但还不足以让人有把握按当前估值入场。 [CV001, CV003, CV005, CV007, CV011, CV012]
| 维度 | 投资逻辑 | 反向逻辑 | 改变观点的证据 |
|---|---|---|---|
| 增长证据 | Series B 轮、100,000+ 个团队、5x 收入增长和客户基数翻三倍,显示真实动能 | ARR 仍来自外部估计而非管理层验证,增长叙事还没形成完整投资支撑 | 经验证的往绩 ARR 和按季度收入 |
| 产品定位 | 统一的代码到云端平台加 AI 渗透测试,可以拉宽 ACV 并形成溢价定位 | 如果支持或服务负担重,产品广度未必能转化为溢价经济性 | 按产品线拆分的毛利率桥接,以及 AI 渗透测试附加率证据 |
| GTM 模型 | 免费增值和自助服务可以带来高效的开发者主导获客 | 起始 ACV 较低;若没有异常强的扩张指标,$1B 标记很难支撑 | 按层级拆分的 NRR / GRR 和企业扩张队列 |
| 融资信号 | 蓝筹投资人接受 $1B 价格,说明私人市场信心强 | 公开投资人不知道股权结构表保护、优先股堆叠,也不知道是否嵌入任何老股交易 | 完整股权结构表、清算优先权瀑布,以及任何内部人流动性条款 |
| 相对估值 | 如果 Aikido 走上类似 Wiz/Snyk 的路径,做到异常大的 AppSec 规模,溢价可能合理 | 公开估计区间仍隐含 40x-100x ARR,高于多数可观察网络安全倍数 | 经验证 ARR 超过 $50M,并证明软件式毛利率 |
| 证据质量 | 官方和备案来源支持公司存在、已融资且在国际扩张 | 核心投资判断数据仍不可得,反向评论证据显示产品和定价有摩擦 | 经审计财务、留存指标和客户集中度披露 |
反向逻辑不是失败预测,而是一组事实:目前它们阻止只看公开证据的投资人有信心承销当前估值。
[CV003, CV009, CV010, CV024, CV025, CV026]当前投资建议中,已确认的增长动能和市场定位被估值溢价与披露缺口压过,图中映射了这条逻辑。
投资建议逻辑是基于公开证据搭出的分析框架。它用于展示决策链,而不是代表管理层或投资人的内部想法。
[CV003, CV005, CV011, CV024, CV034]8.2 建议、置信度与估值立场
对新资金的建议是观察 / 继续研究。公司本身可能质量很高,但当前估值还没有被公开证据充分锚定。Aikido 的 $1 billion 投后估值轮只有在乐观假设下才说得通:ARR 已经更接近 ARR Club 给出的 $25 million 信号,而不是 1 月份较低的 $10 million 信号;增长到 2027 年仍然很高;业务最终拥有类似软件公司的毛利率,而不是更重的支持与服务混合画像。 置信度为中低,因为核心算术依赖估计 ARR 和公开可比倍数,而不是经审计的管理层披露。风险评级为高。如果 Aikido 已经达到 $25 million ARR,并且能继续复合增长,当前估值最终可能只是显得激进。可是,如果该轮更接近低十几百万 ARR 成交,价格就高过几乎所有可观察公开网络安全倍数,CrowdStrike 除外。对现有内部投资者来说,持有仍可能合理,因为公司刚拿到新资金,也有动能。对只使用公开证据的外部投资者来说,当前估值应视为偏高。 [CV011, CV012, CV022, CV023, CV024, CV034]
| 维度 | 评估 | 证据质量 | 变化条件 |
|---|---|---|---|
| 建议 | 新投资人:观察 / 继续研究;已在本轮内的投资人才持有 | 中-低 — 增长信号强,但公开投资论证细节弱 | 只有在 ARR、毛利率、留存和股权结构表证据得到验证后,才上调评级 |
| 信心 | 中-低 | 公开证据确认融资和增长方向,但不能确认运营质量 | 如果管理层披露合并 ARR / 收入桥接和经审计指标,信心会提升 |
| 风险评级 | 高 | 下行由估值溢价加经济性披露缺失驱动 | 只有证明溢价经济性并弄清优先股堆叠后,评级才会下降 |
| 估值立场 | 偏高 | 公开估计区间隐含 40x-100x ARR,而公开可比公司区间为 0.6x-34.3x | 如果 ARR 已明显高于 $25M,或入场价格实质重置,估值会接近合理 |
| 回报门槛 | 2x 需要大约 $2B 退出价值 | 当前公开证据不支持把该结果作为基准情景 | 需要 ~$100M ARR 和 ~20x 倍数,或获得等效战略溢价 |
| 公开支撑程度 | 部分 | 公开事实支撑牵引力和融资;关键估值输入仍不可得 | 在合并财务披露或条款更清晰的新定价轮后重新评估 |
评估仅基于截至 2026-05-22 的公开和已抓取来源。这不是投资建议,并且明确区分公开事实和外部估计。
[CV011, CV012, CV022, CV024, CV029, CV034]8.3 融资背景、公开支持与优先权压力
从公开信息看,Aikido 的融资历史强,但不完整。留存记录支持这样一条路径:2023 年底 €5 million 种子资金,2024 年 5 月 $17 million Series A,2026 年 1 月 $60 million Series B,另有大约 €2 million 早期可转债资金。这足以显示可信的投资人需求,以及约 $85 million 的资本基础。但还不足以精确建模下行。公开记录没有披露完整股权结构表、优先清算堆叠、反稀释机制,也没有说明最新一轮是否包含任何老股流动性。 来自备案文件的证据方向上有用,但达不到承销级。比利时 BV 实体在 FY2025 年末有 €18.2 million 资产和 €14.7 million 权益,但毛利率和经营利润为负。英国实体只出现在 2026 年 4 月备案中,随后有股本和会计期间变更。这一组合说明,公司在国际扩张的同时,仍在搭建法律和报告边界。因此,投资者可以说 Aikido 资金充足。但只看公开证据,无法说普通股持有人或后期老股买家有多少下行保护。 [CV002, CV004, CV006, CV007, CV008, CV009]
| 优先级 | 主题 | 缺失证据 | 重要性 | 尽调路径 |
|---|---|---|---|---|
| 1 | 合并 ARR 与 GAAP / 管理口径收入桥 | 没有公开合并收入披露;ARR Club 只是外部来源 | 决定当前 $1B 估值到底是 40x、100x,还是更可辩护的水平 | 索取 2025 年至最近季度的月度 ARR 和收入桥 |
| 2 | 毛利率以及软件 / 服务组合 | 比利时文件显示亏损,但没有合并产品经济性 | 高溢价软件倍数需要软件型毛利结构 | 索取按产品拆分的合并毛利率,以及支持 / 服务分摊 |
| 3 | NRR / GRR 以及按层级拆分的扩张 | 没有公开留存数据 | 自下而上的定价只有在扩张异常强时,才支撑 $1B 估值 | 索取按队列拆分的留存、logo 流失、扩张和降级率 |
| 4 | 股权结构表和清算优先权 | 没有公开优先股堆叠、反稀释或老股交易细节 | 没有这些数据,就无法建模下行情景和晚入场回报 | 索取完整股权结构表、条款清单摘要,以及任何附函流动性条款 |
| 5 | 客户集中度和企业客户结构 | 公开案例列出客户 logo,但没有集中度或 ACV 结构 | 判断 5x 增长叙事能持续多久,必须有这些数据 | 索取前 20 大客户占比、客群结构和合作伙伴集中度 |
| 6 | AI 渗透测试变现证明 | 产品叙事强,但变现和毛利率影响尚未公开证明 | 高溢价上行取决于 AI 功能能否提高 ARPU 或留存,而不只是营销叙事 | 索取 Aikido Attack / 渗透测试工作流的附加率、提升幅度和毛利率数据 |
第 1-4 项是按当前估值承销任何新资金的前置门槛。第 5-6 项对判断上行能否超越叙事溢价至关重要。
[CV009, CV024, CV028, CV038, CV041, CV042]8.4 乐观、基准与悲观情景
情景分布异常宽,因为起始输入异常不确定。乐观情景需要的不只是执行好;Aikido 还必须继续保持异常值。在这种情况下,ARR 到 2027 年达到大约 $80 million 至 $100 million,AI 渗透测试和企业增购加深变现,业务保住 18x–20x 的溢价倍数。这样得到的估值区间约为 $1.4 billion 至 $2.0 billion。这个情景可能发生,但对以 $1 billion 入场的新投资者来说,只是勉强越过回报门槛。 基准情景要难看得多。如果增长仍强但开始正常化,ARR 可能落在 $45 million 至 $60 million 区间,市场可能只给 10x–12x 倍数,对应 $450 million 至 $720 million 价值。悲观情景更严厉:$25 million 至 $35 million ARR 配 5x–7x,得到 $125 million 至 $245 million。若公开指标持续稀薄、捆绑压力上升,或业务毛利率低于软件优先投资者预期,这些结果并不极端。关键在于,当前价格只有在 Aikido 未来几年继续保持异常值时才站得住。 [CV029, CV030, CV031, CV032, CV033, CV040]
| 情景 | 2027 ARR / 收入区间 | 倍数假设 | 隐含估值 | 相对 $1B 入场价回报 | 关键假设 | 概率信号 | 失效触发点 |
|---|---|---|---|---|---|---|---|
| 乐观 | $80M-$100M ARR | 18x-20x | $1.4B-$2.0B | 1.4x-2.0x | AI 渗透测试和企业增购跑通,ARR 保持超高速增长,毛利率呈现软件型结构 | 低(~20%) | 到 2027 年 ARR 仍低于 $60M,或毛利率不及预期 |
| 基准 | $45M-$60M ARR | 10x-12x | $450M-$720M | 0.45x-0.72x | 增长仍好但回归常态;披露仍不完整;溢价向更广泛网络安全公司收缩 | 中(~50%) | 定价承压、扩张走弱,或缺少高溢价经济性的证据 |
| 悲观 | $25M-$35M ARR | 5x-7x | $125M-$245M | 0.13x-0.25x | ARR 估计区间过于乐观,捆绑压力上升,或交付偏服务化拖累毛利率 | 低至中(~30%) | 平轮 / 下轮融资、流失率飙升,或披露毛利率明显低于软件门槛 |
情景测算使用公开估计区间和公开市场可比倍数。这些区间只是分析框架,不是管理层指引,也不是银行给出的估值意见。
[CV029, CV030, CV031, CV032, CV033, CV040]| 触发项 | 阈值 | 失效原因 | 行动含义 |
|---|---|---|---|
| ARR 证明不及预期 | 2026 年后经验证 ARR 仍低于 $25M,或到 2027 年低于 $60M | 当前估值依赖异常高增长;ARR 证明偏弱会打掉溢价理由 | 按上市底部可比组重新定价;避免按接近上一轮估值出价 |
| 毛利率不像软件 | 合并毛利率低于 ~70%,或服务业务明显拖累 | Aikido 不再像高溢价软件,更像软件与交付混合业务 | 从高溢价倍数切到 5x-10x 区间分析 |
| 留存和扩张失灵 | NRR 低于 ~110%,或企业客户扩张偏弱 | 自下而上的切入点没有复利;低初始 ACV 无法放大成估值支撑 | 把 $1B 融资轮视为相对收入质量透支 |
| 出现平轮或下轮融资 | 下一次定价融资不高于 $1B | 市场出清证据推翻当前估值,并暴露高溢价需求不足 | 在条款正常化前,将新资金建议重置为回避 |
| 捆绑销售压缩定价 | GitHub / GitLab / 大平台竞争显著压低赢单率或实际成交价 | 在 Aikido 达到足够规模前,低价和简单这条切入口变窄 | 用更低 ARR 和更低倍数重切基准 / 悲观情景 |
| 报告和结构仍不透明 | 到下一轮融资周期仍未合并披露 ARR、毛利率和股权结构表 | 持续不透明本身就是上市准备度和老股需求的风险信号 | 任何新投资或老股购买前都必须做硬尽调 |
这些阈值是分析触发项,不是管理层指引。设计重点是可观察、与估值有关,而不是精准预测经营结果。
[CV023, CV026, CV028, CV033, CV038, CV042]展示不同 ARR 与倍数组合对应的隐含价值,突出 Aikido 要交付多少业绩才能支撑或超过当前 $1B 估值。
价值单位为百万美元,是简单的 ARR 乘倍数场景。未调整净现金、债务、稀释或优先权负担。
[CV011, CV017, CV029, CV030, CV031]给出本章情景模型隐含的悲观、基准和乐观结果区间。
区间是基于公开估算区间和可比倍数的分析情景。2x 行是门槛参考,不是概率加权预测。
[CV029, CV031, CV032, CV033]8.5 可比公司组合与相对估值
可比组合分成三层分析。第一层是直接公开软件安全和 DevSecOps 参照:GitLab 是最接近的工作流平台类比,交易倍数约 4.5x 收入;Qualys 和 Tenable 分别约 5.2x 和 2.7x。Rapid7 约 0.6x 收入,是安全厂商失去增长可信度后的警戒底部。这些公司没有一个是完美商业模式匹配,但都能说明:一旦增长放缓,或产品广度不再稀缺,正常化公开网络安全倍数会落在哪里。 第二层是高溢价公开安全软件。Palo Alto Networks 按当前市值 / 收入替代口径约 20.7x,CrowdStrike 约 34.3x。它们是公开市场天花板,不是中心情景。第三层是后期私有安全公司。Wiz 的 $12 billion 融资展示了 2024 年顶端私有云安全基准的样子;Snyk 的 $300 million ARR 和最近 $7.4 billion 估值组合,暗示约 24.7x 的私有 AppSec 基准。放在这组参照中,除非 Aikido 已经更接近 ARR 估算区间的顶部,否则隐含 40x–100x 区间显得昂贵。 [CV013, CV014, CV015, CV016, CV017, CV018]
| 公司 | 类型 | 公开 / 估计规模 | 估值参考 | 倍数参考 | 对 Aikido 的参考价值 | 局限 |
|---|---|---|---|---|---|---|
| Aikido Security | 未上市 AppSec 平台 | ARR 估计区间 >$10M 至 $25M(2026 年 1-4 月外部信号) | $1.0B 投后估值(2026 年 1 月) | ~40x-100x ARR | 分析对象;显示当前未上市市场定价 | ARR 区间来自外部且未核验;没有公开毛利率或 NRR |
| CrowdStrike | 上市安全平台 | $4.81B TTM 收入 | $164.99B 市值 | ~34.3x 市值 / 收入 | 精英级高增长安全软件的上市高溢价标杆 | 规模大得多、成熟度更高,盈利能力也远强于 Aikido |
| Palo Alto Networks | 上市平台型安全公司 | $9.89B TTM 收入 | $205.11B 市值 | ~20.7x 市值 / 收入 | 展示平台广度做到规模后能拿到的定价 | 多元化规模和产品组合远超今天的 Aikido |
| GitLab | 上市 DevSecOps 平台 | $0.95B TTM 收入 | $4.32B 市值 | ~4.5x 市值 / 收入 | 上市公司中最接近的工作流平台参照 | 更宽的 DevOps 平台,不是纯 AppSec |
| Qualys | 上市安全 SaaS | $0.68B TTM 收入 | $3.55B 市值 | ~5.2x 市值 / 收入 | 成熟软件安全估值底部参照 | 增长更慢,分销模式也不同 |
| Tenable | 上市网络暴露管理公司 | $1.02B TTM 收入 | $2.77B 市值 | ~2.7x 市值 / 收入 | 有用的下行上市估值底部 | 品类和客户结构不同于 Aikido |
| Rapid7 | 上市网络运营 / 暴露管理公司 | $0.85B TTM 收入 | $0.47B 市值 | ~0.6x 市值 / 收入 | 增长可信度褪色时的估值下修警示案例 | 市值还受到品类结构以外的公司自身问题压制 |
| Snyk | 未上市 AppSec 标杆 | $300M ARR(据报道) | TechCrunch 提及的最近估值 $7.4B | ~24.7x ARR | 保留样本中最好的后期未上市 AppSec 参照 | 仅一处第三方来源;估值时点与 ARR 时点并不完全一致 |
| Wiz | 未上市云安全标杆 | 引用来源未披露收入 | 2024 年融资轮估值 $12B | 保留来源中 N/A | 未上市安全公司高端溢价标杆 | 云安全龙头,不是直接 AppSec 或开发者工具参照 |
上市公司行使用 CompaniesMarketCap 当前市值和收入快照,并用 SEC 文件作佐证。Aikido 使用公开投后估值和外部 ARR 估计区间,因此倍数是估算值,不是申报指标。
[CV011, CV012, CV013, CV014, CV015, CV016]8.6 退出准备度与最终尽调问题
公开证据不支持已具备 IPO 条件的结论。Aikido 具备强私有成长公司的要素——清晰的品类定位、近期资本和可见动能——但还没有达到公开市场承销流程需要的披露标准。最重要的缺失项包括合并 ARR 和 GAAP 收入、软件与服务毛利率、按 cohort 和层级拆分的留存、股权结构表和优先权细节,以及客户集中度。这些不是小的报告缺口;它们是判断 $1 billion 估值只是激进还是根本跑在业务前面的核心变量。 因此,下一步尽调不是讲出更好的故事,而是拿到更好的证据。管理层需要证明,AI 渗透测试和统一代码到云定位是否真的带来溢价经济性。如果能,当前估值仍可能继续复合。如果不能,公司在走到 IPO 前更可能先面对平轮到降价轮的压力。按今天的公开证据,战略可选性比近期公开上市准备度更可信,尽调议程也应据此搭建。 [CV009, CV024, CV028, CV036, CV037, CV038]
仅用公开证据,对 Aikido 的估值设置做 IC 风格定性评分。
KPI 值只是基于公开证据的分析判断。不是公司、投资人或任何第三方评级机构给出的评分。
[CV003, CV009, CV022, CV024, CV025, CV034]8.7 展项
免责声明
本报告是基于公开证据的尽调快照,不构成投资建议。重要的财务、法律、技术和合同事实仍未公开;作出任何投资决定前,应直接向管理层和一手文件核验。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Aikido Security was founded in 2022. | 高 | SO001, SO005, SO018 |
| CO002 | Aikido launched in September 2022 and public reporting says the business was initially self-funded before outside capital arrived. | 低 | SO020 |
| CO003 | Official and third-party materials describe Aikido as founded in Ghent, Belgium. | 高 | SO005, SO019 |
| CO004 | Aikido's current official about page lists a UK headquarters in London and a U.S. office in Chicago. | 中 | SO001 |
| CO005 | Aikido's careers page says the company is remote-friendly with a home base in Belgium and active roles across Ghent, London, Chicago, and San Francisco. | 中 | SO002 |
| CO006 | Aikido positions itself as a unified security platform spanning code, cloud, and runtime security. | 高 | SO001, SO005, SO006 |
| CO007 | Aikido publicly sells a freemium self-service product with free, Basic, Pro, and Advanced tiers, with listed paid platform fees of $350, $700, and $1,050 per month. | 高 | SO003, SO023 |
| CO008 | The pricing page shows Aikido covering SCA, SAST, IaC, DAST, CSPM, API scanning, runtime protection, and related developer-security workflows. | 中 | SO003 |
| CO009 | Official pricing and customer-story pages emphasize reduced noise, automated triage and fixes, and deep integration into developer and compliance workflows. | 中 | SO003, SO004 |
| CO010 | Current official leadership materials identify Willem Delbare, Roeland Delrue, and Felix Garriau as co-founders and current operating leaders. | 高 | SO002, SO009 |
| CO011 | Current official leadership materials also list Madeline Lawrence as late co-founder and CGO, Thijs Janse as CRO, and Louis Jonckheere as General Manager USA. | 中 | SO002 |
| CO012 | Retained public materials do not disclose a full board roster, committee structure, or independent-director map for Aikido after the Series B round. | 中 | SO001, SO002, SO014 |
| CO013 | Public reporting ties Willem Delbare's founder-market fit to prior SaaS company-building experience, including Teamleader. | 中 | SO018, SO020 |
| CO014 | Aikido announced a €5 million seed round in November 2023 co-led by Notion Capital and Connect Ventures with Inovia participation and angel backing including Christina Cacioppo. | 中 | SO008, SO022 |
| CO015 | Aikido raised a $17 million Series A in May 2024 led by Singular.vc with participation from Notion Capital and Connect Ventures. | 高 | SO007, SO009, SO011 |
| CO016 | Company and PR sources said the Series A arrived roughly six months after the seed round, making Aikido the fastest-capitalized startup in Belgian history. | 中 | SO007, SO009 |
| CO017 | Aikido raised a $60 million Series B in January 2026 led by DST Global with PSG Equity and prior investors also participating. | 高 | SO006, SO010, SO014, SO017 |
| CO018 | The January 2026 Series B valued Aikido at $1 billion. | 高 | SO006, SO010, SO015, SO016 |
| CO019 | Aikido's current about page summarizes total funding raised at $85 million. | 中 | SO001 |
| CO020 | BankInfoSecurity reported in January 2026 that Aikido had raised nearly $85 million across four outside rounds. | 中 | SO018 |
| CO021 | Around the May 2024 Series A, official and press materials said Aikido was used by more than 3,000 organizations and 6,000 developers. | 高 | SO009, SO011 |
| CO022 | By January-May 2026, official materials said Aikido was used by more than 100,000 teams globally. | 高 | SO005, SO006 |
| CO023 | Public company materials name customers including the Premier League, Revolut, SoundCloud, and Niantic, while customer pages also include Visma-linked proof points. | 高 | SO004, SO005, SO006 |
| CO024 | Aikido's January 2026 funding announcement said revenue grew fivefold over the prior year. | 中 | SO006, SO017, SO019 |
| CO025 | Aikido's January 2026 funding announcement said the customer base more than tripled over the prior year. | 中 | SO006, SO017, SO019 |
| CO026 | Public 2026 employee counts conflict materially, with retained sources citing 130, 164, 180, and 200-plus employees. | 中 | SO001, SO006, SO018, SO019 |
| CO027 | Despite the exact-number conflict, all retained 2026 sources agree Aikido has already expanded into a multi-country team with U.S. and UK operating presence. | 中 | SO001, SO002, SO018 |
| CO028 | PRNewswire reported that Aikido launched in April 2023. | 中 | SO009 |
| CO029 | Aikido acquired AI-native pentesting developers Allseek and Haicker in September 2025. | 中 | SO025 |
| CO030 | Aikido launched Aikido Infinite in February 2026 as a continuous AI penetration testing product tied to self-securing software. | 高 | SO024, SO027, SO028 |
| CO031 | Official customer stories show concrete enterprise-adoption signals, including onboarding 150-plus developers in 45 minutes and using Aikido as a foundation for compliance evidence collection. | 中 | SO004 |
| CO032 | Official customer stories attribute outcomes such as 92 percent noise reduction and 10 to 15 developer-hours saved per month to Aikido deployments. | 中 | SO004 |
| CO033 | Third-party review platforms broadly describe Aikido as easy to set up and strong on breadth, integration, and usability. | 中 | SO021, SO022, SO023 |
| CO034 | Third-party reviews also flag limited API and reporting depth on lower tiers, occasional false positives, and some hidden or immature advanced features. | 中 | SO021 |
| CO035 | The official Infinite product page says the system pentests every deployment, validates exploitability, generates patches, and retests fixes before production. | 中 | SO029 |
| CO036 | The pricing page shows Aikido integrating with Vanta, Drata, Sprinto, and other GRC tools to automate evidence gathering for technical vulnerability controls. | 中 | SO003 |
| CO037 | A MandA interview says Aikido raised about €2 million in convertible angel financing before the formal seed round. | 低 | SO020 |
| CO038 | Solutions Magazine reported after the Series B that about half of Aikido's revenue came from the United States. | 低 | SO019 |
| CO039 | Retained January 2026 sources describe Aikido as one of the fastest cybersecurity companies globally to reach unicorn status and the fastest ever in Europe according to the company. | 中 | SO006, SO016, SO017 |
| CO040 | Review-market evidence is directionally positive but still thin because the public review datasets retained for Aikido are small. | 中 | SO021, SO022, SO023 |
| CO041 | Official materials describe Aikido's long-term vision as self-securing software rather than static point-in-time security testing. | 高 | SO001, SO005, SO028 |
| CO042 | Aikido's core category narrative is that security buyers and users should be aligned around a developer-first platform with less noise and more automation. | 中 | SO006, SO007, SO011 |
| CO043 | Official customer materials say some users migrated off tools such as Snyk and tied Aikido directly into GitHub, Jira, CI/CD, and compliance workflows. | 中 | SO004 |
| CO044 | Aikido's investor base spans DST Global, PSG Equity, Singular.vc, Notion Capital, Connect Ventures, Inovia's Precede fund, and operator angels such as Christina Cacioppo and later Nik Storonsky. | 中 | SO006, SO008, SO014 |
| CM001 | Aikido’s practical market boundary is developer-first code-to-cloud security rather than generic cybersecurity spend. | 中 | SM005, SM006, SM013 |
| CM002 | Official Aikido pages show the platform spanning SAST, SCA, IaC, DAST, API testing, attack-surface monitoring, CSPM, and runtime-adjacent workflows. | 中 | SM001, SM014, SM015 |
| CM003 | Aikido publicly targets startups, enterprise teams, fintech companies, agencies, and partner-led channels rather than a single undifferentiated buyer segment. | 中 | SM001, SM002, SM003, SM004, SM009 |
| CM004 | The startup segment page positions Aikido for founder-led or CTO-led teams that need broad security without dedicated security headcount. | 中 | SM001 |
| CM005 | The enterprise segment page positions Aikido for larger teams needing SSO, access controls, on-prem scanners, monorepo management, and scale to thousands of repos and hundreds of users. | 中 | SM002 |
| CM006 | The fintech segment page frames Aikido around DORA, PCI DSS, ISO 27001, and NIS2-driven audit readiness and customer trust. | 中 | SM003, SM008 |
| CM007 | The agency segment page frames Aikido around securing many client repositories, passing customer security reviews, and protecting service margins. | 中 | SM004 |
| CM008 | Aikido’s partner page offers reseller, MSP, and technology-partner routes that can expand distribution beyond direct sales. | 中 | SM009 |
| CM009 | Vanta, Drata, and Sprinto are framed by Aikido as integration partners that automate technical-control evidence rather than as core product substitutes. | 中 | SM010, SM011, SM012 |
| CM010 | Aikido explicitly positions itself as an all-in-one application security platform. | 中 | SM005 |
| CM011 | Aikido also positions itself as a next-generation ASPM platform with code-to-cloud coverage. | 中 | SM006 |
| CM012 | Attack-surface management, API security testing, and DAST pages widen Aikido’s apparent SAM beyond pure code scanning. | 中 | SM013, SM014, SM015 |
| CM013 | Aikido’s comparison pages identify Snyk, GitHub Advanced Security, Orca, and Veracode as meaningful status-quo substitutes in adjacent parts of the market. | 中 | SM016, SM017, SM018, SM019 |
| CM014 | Aikido’s Snyk comparison page claims an entry-package saving of about 65 percent versus Snyk while adding cloud coverage. | 中 | SM016 |
| CM015 | Mordor estimates the application-security market will grow from $13.61 billion in 2025 to $14.83 billion in 2026. | 中 | SM020 |
| CM016 | Fortune Business Insights estimates the application-security market at $14.86 billion in 2026. | 中 | SM021 |
| CM017 | MarketsandMarkets estimates a much broader 2026 application-security market of $41.16 billion. | 中 | SM022 |
| CM018 | Coherent Market Insights estimates the application-security market at $15.04 billion in 2026. | 低 | SM026 |
| CM019 | The wide gap between roughly $15 billion and $41 billion 2026 estimates indicates that analysts are using materially different scope definitions for application-security spend. | 中 | SM020, SM021, SM022, SM026 |
| CM020 | Mordor says large enterprises captured 60.58 percent of 2025 application-security outlays while SMBs are the faster-growing segment. | 中 | SM020 |
| CM021 | Cloud deployment already dominates application-security spending and is projected to grow faster than on-premises deployment. | 中 | SM020, SM022 |
| CM022 | North America is the largest application-security region while Asia Pacific is projected to grow the fastest. | 中 | SM021, SM022 |
| CM023 | Web application security remains the largest segment, while API, interactive testing, and integrated platform workflows are key growth areas. | 中 | SM020, SM021, SM022 |
| CM024 | The 2026 Latio report argues that application security is consolidating into platform players and being reshaped by AI-driven workflow change. | 中 | SM023, SM027 |
| CM025 | CISA describes SBOM and VEX as foundational building blocks for software-supply-chain risk management. | 中 | SM024 |
| CM026 | The Cyber Resilience Act imposes lifecycle cybersecurity and vulnerability-handling obligations on software and hardware products with digital elements. | 中 | SM025 |
| CM027 | Aikido’s compliance pages tie market demand to ISO 27001, SOC 2 Type 2, PCI DSS, HIPAA, DORA, NIS2, and OWASP-aligned security work. | 中 | SM008, SM028 |
| CM028 | OWASP Top 10 remains a globally recognized baseline awareness document for developers and web-application security teams. | 中 | SM028 |
| CM029 | The strongest category growth drivers are regulation, software-supply-chain risk, API and cloud complexity, and pressure to reduce tool sprawl and false positives. | 中 | SM020, SM023, SM024, SM025 |
| CM030 | Adoption constraints include budget ceilings, overlapping categories, enterprise switching costs, integration complexity, and skepticism about noisy or shallow tools. | 中 | SM016, SM020, SM023 |
| CM031 | Across segments, developers and platform engineers are the main users, but budget owners differ by company type and buying trigger. | 中 | SM001, SM002, SM003, SM004 |
| CM032 | Aikido’s adoption path often begins with compliance or workflow pain and then expands into broader code-to-cloud coverage. | 中 | SM008, SM010, SM011, SM012 |
| CM033 | Aikido’s practical SAM is narrower than generic appsec TAM because the company is strongest where buyers want unified, developer-first, comparatively affordable security. | 中 | SM001, SM004, SM016, SM020 |
| CM034 | Mid-market and SMB software teams are structurally attractive because they face rising compliance pressure but often lack full in-house application-security teams. | 中 | SM001, SM008, SM020 |
| CM035 | Partner and integration routes give Aikido additional access to agency, MSP, and compliance-led buyers that might not start with a direct product search. | 中 | SM009, SM010, SM011, SM012 |
| CM036 | Public 2026 market estimates for application security differ by nearly three times even before any Aikido-specific ICP filters are applied. | 中 | SM020, SM021, SM022, SM026 |
| CM037 | Status-quo substitutes for Aikido include patchworks of open-source tools, periodic manual pentests, and point products that only solve one layer of the problem. | 中 | SM010, SM016, SM017, SM018, SM019 |
| CM038 | Aikido’s own competitive framing suggests buyers often compare code-only, cloud-only, and expensive best-of-breed tools before choosing an integrated platform. | 中 | SM016, SM017, SM018, SM019 |
| CM039 | Aikido’s API, attack-surface, and DAST pages imply that web exposure and runtime validation are meaningful market adjacencies rather than niche extras. | 中 | SM013, SM014, SM015 |
| CM040 | Compliance integrations make evidence automation a real adoption accelerator because buyers often need faster proof for customers and auditors, not just more scanning data. | 中 | SM008, SM010, SM011, SM012 |
| CM041 | A defensible narrow 2026 global AppSec TAM for Aikido is roughly $15 billion because three independent analyst sources cluster tightly around that level. | 中 | SM020, SM021, SM026 |
| CM042 | A broader 2026 AppSec-plus-platform TAM above $40 billion is only supportable if services and wider application-protection categories are included. | 中 | SM022 |
| CM043 | Aikido’s practical 2026 SAM is best framed as a $2 billion to $3 billion subset of cloud-native, developer-led appsec and compliance demand. | 中 | SM001, SM004, SM020, SM021 |
| CM044 | A near-term 2026 SOM below $1 billion is more realistic than the full SAM because enterprise trust and distribution still need to deepen. | 中 | SM002, SM009, SM020, SM023 |
| CP001 | Aikido’s real competitive set includes Snyk, GitHub Advanced Security, Semgrep, Veracode, Checkmarx, Orca, Endor Labs, Jit, Apiiro, GitLab Ultimate, and other substitute stacks rather than one single direct rival. | 中 | SP001, SP002, SP003, SP004, SP005, SP006, SP007, SP008, SP009, SP010, SP026 |
| CP002 | Snyk positions itself as a broad AppSec platform with multiple plans and add-ons that span developer and enterprise security teams. | 中 | SP011, SP012 |
| CP003 | GitHub Advanced Security sells native code and secret protection inside GitHub with active-committer pricing and strong workflow distribution. | 中 | SP013, SP014 |
| CP004 | Orca positions itself as an agentless cloud-security and CNAPP platform built around context and alert reduction for cloud-native environments. | 中 | SP015 |
| CP005 | Veracode positions itself as an enterprise AppSec platform with code-to-cloud scanning, AI-powered remediation, and SDLC integrations. | 中 | SP016 |
| CP006 | Semgrep positions itself around free entry, contributor-based pricing, and a combination of rule-based analysis with AI triage and remediation. | 中 | SP017, SP018 |
| CP007 | Checkmarx packages enterprise AppSec through modular cloud offerings that expand from SAST or supply chain into broader enterprise coverage. | 中 | SP019, SP006 |
| CP008 | Endor Labs positions itself as an AI-native application-security and supply-chain platform focused on reachability, backlog reduction, and more accurate triage. | 中 | SP020, SP021 |
| CP009 | Jit positions itself as a security execution layer powered by a company context graph rather than a simple standalone scanner bundle. | 中 | SP022 |
| CP010 | Apiiro positions itself as a unified ASPM platform powered by a proprietary Risk Graph across applications and software supply chains. | 中 | SP023 |
| CP011 | GitLab Ultimate positions advanced security and compliance as part of a broader DevOps platform bundle. | 中 | SP024, SP010 |
| CP012 | Aikido’s clearest competitive differentiator is bundled code-to-cloud breadth with comparatively simple, transparent entry pricing. | 中 | SP001, SP002, SP003, SP004, SP005, SP025 |
| CP013 | Aikido’s own comparison pages frame the company as especially strong on affordability, breadth, and false-positive reduction for smaller or mid-market teams. | 中 | SP001, SP007, SP009 |
| CP014 | Platform-native or developer-native rivals such as GitHub, GitLab, Snyk, and Semgrep pressure Aikido on workflow distribution and bottom-up adoption. | 中 | SP011, SP014, SP017, SP024 |
| CP015 | Cloud and context-heavy rivals such as Orca, Apiiro, and Jit pressure Aikido where buyers want richer graph-based prioritization or cloud-native context. | 中 | SP015, SP022, SP023 |
| CP016 | Enterprise-first rivals such as Veracode and Checkmarx pressure Aikido on governance maturity, procurement trust, and large-account readiness. | 中 | SP016, SP019 |
| CP017 | GitHub and GitLab benefit from platform-native distribution because they can sell security inside code-hosting and CI/CD systems buyers already use. | 中 | SP013, SP014, SP024 |
| CP018 | Snyk and Semgrep both offer low-friction entry through free or transparent contributor-based plans that support bottom-up adoption. | 中 | SP011, SP017 |
| CP019 | Much of the upper-enterprise field remains quote-heavy, which raises procurement opacity even when products are functionally strong. | 中 | SP016, SP019, SP025 |
| CP020 | AppSec Santa’s 2026 pricing guide says most organizations spend roughly $30,000 to $150,000 annually for a mid-market AppSec stack, with some enterprise platforms exceeding $500,000. | 低 | SP025 |
| CP021 | Snyk’s official pricing title advertises plans from $25 per month. | 中 | SP011 |
| CP022 | GitHub’s official page lists GitHub Secret Protection at $19 and GitHub Code Security at $30 per active committer per month. | 中 | SP014 |
| CP023 | Semgrep’s official pricing page shows a free edition up to 10 repositories and 10 contributors before team upgrades. | 中 | SP017 |
| CP024 | Endor Labs’ pricing page shows a free developer tier alongside Core and Pro packaging plus bundled enterprise upsell. | 中 | SP021 |
| CP025 | Switching costs in AppSec come heavily from workflow integrations, historical findings, policy rules, and governance/reporting setup rather than from scanner logic alone. | 中 | SP013, SP014, SP016, SP024 |
| CP026 | Multi-homing is normal in this market because code-only, cloud-only, governance, and pentest tools overlap only partially. | 中 | SP015, SP023, SP025, SP026 |
| CP027 | Aikido’s moat is practical rather than absolute and depends on preserving a better total-cost and signal-to-noise outcome than fragmented alternatives. | 中 | SP001, SP007, SP025, SP026 |
| CP028 | Competitive convergence is increasing because AI remediation, prioritization, and platform bundling are now common narratives across major vendors. | 中 | SP014, SP016, SP020, SP022, SP023 |
| CP029 | Vendor-authored comparison pages are useful for identifying substitutes but should not be treated as neutral benchmarks of feature depth or pricing. | 中 | SP001, SP002, SP003, SP004, SP005, SP006, SP007, SP008, SP009, SP010 |
| CP030 | Aikido also competes against CNAPP and ASPM-style vendors where buyers prioritize context-rich correlation over all-in-one affordability. | 中 | SP003, SP009, SP015, SP022, SP023 |
| CP031 | Supply-chain specialists such as Mend and Endor Labs pressure Aikido on reachability, package intelligence, and dependency-governance depth. | 中 | SP005, SP008, SP020, SP021, SP026 |
| CP032 | Developer-native platforms such as GitHub, GitLab, and Semgrep pressure Aikido on ecosystem lock-in and workflow convenience. | 中 | SP013, SP014, SP017, SP024 |
| CP033 | Enterprise-first vendors such as Veracode and Checkmarx pressure Aikido on governance credibility and large-account trust. | 中 | SP016, SP019, SP026 |
| CP034 | Aikido is likeliest to win when buyers prioritize consolidation, simple onboarding, and transparent cost over maximum specialist depth. | 中 | SP001, SP007, SP009, SP012 |
| CP035 | Aikido is likeliest to lose when buyers need heavyweight governance, incumbent workflow lock-in, or best-of-breed depth in one narrow domain. | 中 | SP014, SP016, SP019, SP026 |
| CP036 | The main competitive risks to moat durability are platform bundling, enterprise trust gaps, code-to-cloud context competition, supply-chain specialization, price compression, and broad feature convergence. | 中 | SP014, SP015, SP016, SP020, SP024, SP025, SP026 |
| CP037 | Independent pricing commentary and competitive guides suggest buyers often look beyond Aikido when they believe deeper specialization outweighs lower cost and simpler bundling. | 低 | SP025, SP026 |
| CP038 | Aikido’s competitive landscape includes direct peers, incumbents, adjacents, platform-native substitutes, and internal-build status quo rather than a single homogeneous peer group. | 中 | SP001, SP002, SP003, SP004, SP005, SP010, SP026 |
| CI001 | Aikido publicly sells a free tier plus Basic, Pro, and Advanced paid tiers with listed platform fees of $350, $700, and $1,050 per month. | 高 | SI001, SI022 |
| CI002 | SourceForge mirrors Aikido's free plan as free forever with 2 users and 10 repositories, reinforcing a deliberate low-friction land motion. | 中 | SI022 |
| CI003 | Official enterprise packaging adds local scanners, SSO, and scale-oriented entitlements rather than only more seats, implying a materially different upmarket offer from the base plans. | 中 | SI001, SI006 |
| CI004 | The pricing page publicly exposes enterprise services including custom SLA, multi-tenant portal, training and onboarding, enterprise support, local deployment, and broker support for internal apps. | 中 | SI001 |
| CI005 | Official startup and Series A materials frame Aikido as freemium, self-service, and built for SMEs and developers who need security without heavyweight security-program overhead. | 高 | SI005, SI008, SI010, SI012 |
| CI006 | Aikido's partner page explicitly describes reseller commissions, MSP administration tooling, and co-sell motions, supporting the existence of a real indirect-revenue channel. | 中 | SI004 |
| CI007 | Aikido raised a $60 million Series B in January 2026 at a $1 billion valuation led by DST Global, with PSG Equity and prior investors also participating. | 高 | SI007, SI011, SI013 |
| CI008 | Official and independent 2026 sources place Aikido's total disclosed funding at roughly $85 million. | 高 | SI002, SI013 |
| CI009 | MandA reports that Aikido raised about €2 million of angel convertible financing before the formal seed round. | 低 | SI015 |
| CI010 | Solutions Magazine reported that Aikido's revenue increased fivefold in 2025 and that about half of revenue came from the United States. | 低 | SI014 |
| CI011 | The same Solutions article reported that Aikido's customer base nearly tripled before the January 2026 Series B. | 低 | SI014 |
| CI012 | Official customer proof says one deployment onboarded 150-plus developers in 45 minutes and saved 10 to 15 developer-hours per month, supporting a low-implementation-cost narrative. | 中 | SI003 |
| CI013 | Aikido's Vanta, Drata, and Sprinto integration pages position the platform as a way to automate evidence for technical vulnerability controls and to replace expensive scanner patchworks. | 中 | SI019, SI020, SI021 |
| CI014 | Enterprise and partner materials together show multi-tenant, admin-portal, and large-scale management capabilities that can support higher-ACV accounts and MSP bundles. | 中 | SI004, SI006 |
| CI015 | Companies House records show AIKIDO SECURITY LTD was incorporated on 2026-04-09 and filed an initial statement of capital of GBP 100 on incorporation. | 高 | SI016, SI017 |
| CI016 | Companies House filing history shows a share consolidation and post-allotment capital filing in May 2026 and a shortened accounting period ending 2027-01-31. | 中 | SI017 |
| CI017 | The Belgian filing-derived summary reports that for the fiscal year ended 2025-01-31 Aikido Security BV had €18,204,968 of assets, €14,728,177 of equity, and €3,476,791 of liabilities. | 中 | SI018 |
| CI018 | The same Belgian filing-derived summary reports a FY2025 gross margin of negative €3,733,554 and operating result of negative €4,426,116. | 中 | SI018 |
| CI019 | The prior Belgian fiscal year ended 2024-01-31 showed a much smaller asset base of €5,648,606 and an operating loss of negative €855,551. | 中 | SI018 |
| CI020 | The retained filing evidence is entity-level rather than a full consolidated group view, so Belgian BV results should not be treated as Aikido's complete global financial statements. | 中 | SI016, SI017, SI018 |
| CI021 | ARR Club's signal page indicates Aikido ARR was above $10 million in January 2026 and reached $25 million by April 2026, but the figures are not management-verified in retained source material. | 低 | SI025 |
| CI022 | Independent review platforms generally portray Aikido as easy to use and broad in security coverage, which supports the product's low-friction value proposition. | 中 | SI022, SI023, SI024 |
| CI023 | G2 users also flag limited API and reporting depth on lower tiers, false positives, and pricing that can feel high for startups. | 中 | SI024 |
| CI024 | SourceForge says Aikido offers API access, cloud and on-prem deployment, and 24/7 live support in addition to published pricing. | 中 | SI022 |
| CI025 | Aikido's public packaging implies a monetization mix spanning recurring subscriptions, enterprise services, and AI- or validation-adjacent upsells rather than a single undifferentiated SaaS fee. | 中 | SI001, SI004, SI022 |
| CI026 | Public materials do not disclose how much revenue is recurring software versus non-recurring services or validation work, making revenue-recognition quality an open diligence issue. | 中 | SI001, SI004, SI022 |
| CI027 | Startup positioning and the Series A narrative suggest Aikido is optimized for low-touch inbound adoption among SMEs before any enterprise expansion motion begins. | 中 | SI005, SI008, SI010, SI012 |
| CI028 | The enterprise page implies a separate higher-ACV motion for larger customers because it emphasizes SSO, large-repo scale, local scanning, and orchestration features not central to the free tier pitch. | 中 | SI006 |
| CI029 | Partner commissions and MSP tooling suggest channel leverage could reduce direct CAC for some segments, but also increase dependence on partners for distribution quality. | 中 | SI004 |
| CI030 | Public headcount indicators conflict materially because BankInfoSecurity reported 164 employees in January 2026. | 中 | SI013 |
| CI031 | The combination of an ~$85 million disclosed funding base and €14.7 million of FY2025 BV equity indicates strong capital support, but not a disclosed post-Series-B cash balance. | 中 | SI002, SI013, SI018 |
| CI032 | Retained public evidence still does not disclose CAC, payback, NRR, GRR, consolidated gross margin, cash, debt, or runway months. | 中 | SI002, SI007, SI011, SI018 |
| CI033 | The Belgian filing-derived losses show that public filings do not yet support a thesis that Aikido had reached self-funded profitability before the Series B. | 中 | SI018 |
| CI034 | Aikido likely has enough capital to keep investing in autonomous security and international scale, but investors cannot calculate runway months from retained public evidence. | 中 | SI002, SI007, SI013, SI014 |
| CI035 | Customer proof and compliance-integration materials present Aikido as a fast time-to-value product that can save developer time and accelerate audit evidence collection. | 中 | SI003, SI019, SI020, SI021 |
| CI036 | Official compliance pages describe a market in which patchworks of scanners create massive bills, strengthening Aikido's disruptive-pricing narrative. | 中 | SI001, SI019, SI020, SI021 |
| CI037 | Aikido's combination of transparent list pricing and freemium self-service supports a classic land-and-expand model. | 高 | SI001, SI005, SI008, SI022 |
| CI038 | Reseller, MSP, and technology-partner motions indicate that Aikido is pursuing non-seat expansion through bundles and indirect distribution as well as direct subscriptions. | 中 | SI004 |
| CI039 | The creation and capital filings of a new U.K. entity in 2026 indicate ongoing international legal structuring as Aikido scales. | 中 | SI016, SI017 |
| CI040 | The main financial underwriting blockers are missing consolidated statements, missing revenue-quality metrics, and no public visibility into cash durability or concentration risk. | 中 | SI016, SI017, SI018 |
| CI041 | Aikido's current official about page lists an employee size of 200-plus. | 中 | SI002 |
| CI042 | The current platform page doubles down on Aikido's unified-platform, less-noise, less-tool-sprawl positioning, which supports the company's low-friction value narrative. | 中 | SI027 |
| CI043 | The Aikido Infinite page says every push to staging can trigger a scoped pentest and validated retest cycle before production, reinforcing management's intention to invest further in autonomous security workflows. | 中 | SI007, SI028 |
| CI044 | The UK persons-with-significant-control page shows no registrable person or registrable relevant legal entity for AIKIDO SECURITY LTD as of 2026-04-09, which limits what can be inferred publicly about group ownership from the UK filing alone. | 中 | SI029 |
| CE001 | Official module pages show Aikido selling one platform across code scanning, cloud security, offensive testing, and runtime protection rather than a single scanner. | 高 | SE001, SE005, SE006, SE007 |
| CE002 | The code layer publicly includes SAST, SCA, secrets, IaC, container image scanning, and SBOM or compliance-oriented outputs. | 高 | SE001, SE002, SE003, SE004, SE011 |
| CE003 | The cloud and asset layer publicly includes CSPM, VM and runtime inventory, outdated runtime detection, and cloud search across AWS, Azure, and GCP. | 高 | SE005, SE014, SE015 |
| CE004 | The attack surface layer includes API scanning, DAST or surface monitoring, pentests, and the newly launched continuous-pentest narrative under Aikido Infinite. | 中 | SE006, SE016, SE026, SE032 |
| CE005 | The runtime layer centers on Zen, an in-app firewall that is distinct from pre-deploy scanning modules. | 高 | SE007, SE012, SE022, SE023 |
| CE006 | Workflow materials show IDE support, PR scanning, CI or CD use, AutoFix, reporting, and compliance export surfaces as core parts of the product operating model. | 中 | SE010, SE013, SE017, SE018 |
| CE007 | Aikido’s onboarding model mixes source-control and cloud integrations with optional local scanning and runtime libraries, so the full platform is neither pure SaaS-only nor agent-heavy by default. | 中 | SE008, SE012, SE013, SE014 |
| CE008 | Trust-center and cloud materials emphasize read-only or minimal-permission access for core repo and cloud scanning. | 高 | SE005, SE008 |
| CE009 | Code-scanning docs show local scanners and CI integrations as part of the operating model for customers that cannot rely only on hosted repository analysis. | 中 | SE013, SE031 |
| CE010 | Container scanning is designed to link registries, code repositories, VMs, containers, and cloud assets instead of treating images as isolated artifacts. | 中 | SE005, SE015 |
| CE011 | Container and SBOM materials document raw SBOM export plus license, VEX, CycloneDX, SPDX, and runtime or EOL tracking outputs. | 高 | SE011, SE015 |
| CE012 | API scanning relies on provided specs and traffic-derived discovery, supports REST and GraphQL, and uses fuzzing plus authenticated testing. | 中 | SE006, SE018 |
| CE013 | Aikido positions AutoFix as PR-oriented remediation across code, dependency, IaC, and container findings rather than silent in-place modification. | 中 | SE001, SE002, SE004, SE010 |
| CE014 | The product’s differentiation pitch is low-noise triage, with official claims of major false-positive or noise reduction for SAST and SCA. | 中 | SE001, SE002, SE031 |
| CE015 | Aikido’s SAST story is tightly linked to Opengrep, which it backs publicly as an open-source engine and consortium project. | 高 | SE001, SE009, SE024, SE025 |
| CE016 | Opengrep presents open governance, LGPL licensing commitments, SARIF or JSON outputs, and broad language coverage, giving Aikido an auditable static-analysis foundation. | 高 | SE024, SE025 |
| CE017 | GitHub shows a sizable public developer surface with 56 repositories under AikidoSec, which is unusual for a young AppSec vendor and supports the developer-first thesis. | 中 | SE019 |
| CE018 | GitHub Marketplace distribution with a verified listing and 47k-plus installs indicates a real self-serve repo-install motion beyond sales-led enterprise onboarding. | 中 | SE020 |
| CE019 | Safe Chain is a tokenless local proxy that blocks malicious packages across npm-family and Python tooling and enforces a default 48-hour minimum package age. | 中 | SE021 |
| CE020 | Safe Chain extends Aikido’s product surface to developer workstations and CI dependency-install time, not just central scanning dashboards. | 中 | SE019, SE021 |
| CE021 | Zen’s technical docs describe runtime tracing of user input to dangerous sinks, which is materially different from edge-only request inspection. | 高 | SE007, SE012, SE022, SE023 |
| CE022 | Zen also adds bot, Tor, and country blocking, user-aware rate limiting, OpenAPI generation, and AI monitoring signals. | 中 | SE007, SE012 |
| CE023 | Official and GitHub materials together show Zen coverage across Node, Python, PHP, Java, .NET, Ruby, and Go. | 中 | SE007, SE019, SE022, SE023 |
| CE024 | Aikido says its AI is used across IDE assistance, triage, custom rules, AutoFix, OpenAPI generation, cloud rule generation, runtime monitoring, and pentesting. | 中 | SE010, SE018 |
| CE025 | Public AI and trust materials say the company uses inference-only handling, does not train on customer data, and does not retain customer code after analysis. | 高 | SE008, SE018 |
| CE026 | Trust-center materials state Aikido holds ISO 27001:2022 and SOC 2 Type II and runs annual pentests plus a public bug bounty. | 中 | SE008 |
| CE027 | Trust-center materials say repository clones are temporary, scans are read-only by default, and local or on-prem scanning is available for stricter environments. | 中 | SE008, SE013 |
| CE028 | FedRAMP is described as actively implementing rather than achieved, so public-sector readiness messaging is roadmap-stage rather than certification-complete. | 中 | SE008 |
| CE029 | Documentation shows reporting as a core product surface with security audit, trends, malware monitor, runtime or framework, SLA, team comparison, and compliance reports. | 高 | SE008, SE017 |
| CE030 | SBOM and compliance outputs are tied to CRA, EO, FDA, and customer-evidence workflows rather than being only raw export formats. | 中 | SE010, SE011, SE017 |
| CE031 | External review platforms consistently praise onboarding speed, breadth, integration quality, and reduction of alert fatigue. | 中 | SE029, SE030, SE031 |
| CE032 | Those same review platforms still surface product gaps around API depth, lower-tier reporting, occasional false positives, and price sensitivity for smaller buyers. | 中 | SE029, SE030 |
| CE033 | Review evidence implies Aikido’s practical differentiation is breadth plus workflow fit, not necessarily deepest specialist capability in every module. | 中 | SE001, SE005, SE029, SE031 |
| CE034 | SourceForge and Capterra mirror packaging from entry tiers into broader advanced modules, showing that product breadth is commercialized through gated entitlements rather than one universal bundle. | 中 | SE030, SE031 |
| CE035 | Independent 2026 coverage frames Aikido’s next act as continuous AI-driven pentesting and remediation on every release under Aikido Infinite. | 中 | SE026, SE028, SE032 |
| CE036 | BankInfoSecurity says the Series B is intended to scale and automate AI pentesting, showing offensive testing is strategic rather than a side feature. | 中 | SE028 |
| CE037 | Security Systems News reports that Allseek and Haicker were acquired to deepen automated pentesting and AI-assisted offensive-security capability. | 中 | SE027 |
| CE038 | Docs on pentest coverage show meaningful public scope around OWASP classes, logic flaws, and escalation, but public benchmark methodology remains limited. | 低 | SE016, SE026 |
| CE039 | Product maturity appears uneven: code and cloud scanning plus reporting look established, while continuous self-securing pentesting is newer and still proof-building. | 中 | SE001, SE005, SE017, SE026, SE028 |
| CE040 | Aikido’s control plane is heavily dependent on external ecosystems such as git providers, cloud APIs, registries, OpenAPI or traffic inputs, and OSS engines like Opengrep and Zen. | 中 | SE013, SE014, SE015, SE024 |
| CE041 | The public product architecture therefore depends on continued vendor or API compatibility and open-source maintenance, which is a real but manageable operational dependency. | 中 | SE020, SE024, SE025 |
| CE042 | Marketplace distribution, GitHub org activity, and OSS repo footprint together show Aikido ships product components in developer-native channels rather than only through polished marketing. | 高 | SE009, SE019, SE020, SE021, SE022, SE023 |
| CE043 | Public trust and docs support a strong security and privacy posture, but they do not yet publish the deeper evidence a regulated buyer would want on FedRAMP scope, Zen telemetry schemas, or Infinite benchmark data. | 中 | SE008, SE012, SE016, SE026 |
| CE044 | Overall, the retained evidence supports a credible product and technology thesis built on integrated workflow, open-source leverage, and low-noise automation, with the main remaining risks concentrated in newer offensive-testing claims and enterprise-grade trust depth. | 中 | SE001, SE005, SE024, SE026, SE031 |
| CU001 | Aikido’s May 2024 Series A post said the product was already used by over 3,000 organizations and 6,000 individual developers. | 中 | SU004 |
| CU002 | Aikido’s January 2026 Series B post said the product was used by more than 100,000 teams globally. | 中 | SU003 |
| CU003 | Aikido’s January 2026 Series B post said the customer base had more than tripled over the prior year. | 中 | SU003 |
| CU004 | Public customer-growth disclosures mix organizations, individual developers, and teams, so the trajectory is clearly positive but the denominators are not directly comparable. | 中 | SU003, SU004 |
| CU005 | Aikido’s customer-stories index explicitly spans Startup, Scaleup, and Enterprise customer-size buckets. | 中 | SU002 |
| CU006 | Fetched public customer proof spans HealthTech, HRTech, LegalTech, HospitalityTech, SecurityTech, Manufacturing, Software Development, education, and PE or group-company environments. | 中 | SU002, SU008, SU014, SU015, SU019, SU020, SU021 |
| CU007 | The quoted users in Aikido’s public stories are mostly CTOs, CISOs, VP Engineering, platform leaders, DevSecOps engineers, security engineers, and developers rather than procurement staff. | 中 | SU007, SU008, SU010, SU016, SU017, SU018, SU019, SU021 |
| CU008 | Aikido’s enterprise page says the enterprise-tailored plan covers 2,000 repositories, 1,000 containers, 100 cloud accounts, and 500 users. | 中 | SU006 |
| CU009 | Aikido’s pricing and enterprise pages show multi-tenant, local or on-prem deployment, enterprise support, training, and security-reporting features intended for larger buyers. | 中 | SU005, SU006 |
| CU010 | Aikido’s Series B marketing cites Premier League, SoundCloud, Niantic, and Revolut as customers, but those examples are mostly logo-level in the fetched funding materials. | 中 | SU003, SU028, SU030, SU031 |
| CU011 | Visma’s story says Aikido rollout covers more than 200 portfolio companies, 6,000 developers, and a 15,000-person software group. | 中 | SU007 |
| CU012 | Aikido’s 2024 Series A post separately said Visma chose the company to secure 175+ portfolio companies, corroborating a multi-entity rollout motion. | 高 | SU004, SU007 |
| CU013 | Oviva says it onboarded more than 75 developers and connected more than 200 repositories within a few weeks. | 中 | SU008 |
| CU014 | AutoStore says about 100 repositories and 100 developers were rolled out in a few weeks, largely by one security engineer. | 中 | SU011 |
| CU015 | HeyJobs says Aikido now monitors 95 repositories, 31 container registries, and 9 connected cloud environments. | 中 | SU017 |
| CU016 | Render says Aikido supports security work across roughly 30 active repositories and around 50 developers while consolidating DAST and SAST. | 中 | SU016 |
| CU017 | n8n says its engineering organization is about 40 engineers inside a roughly 50-person R&D team and that Aikido helps enforce 21-day high-severity resolution timelines. | 中 | SU010 |
| CU018 | Simployer says Aikido helped developers fix issues in under a minute. | 中 | SU014 |
| CU019 | Birdie says Aikido can reduce issue resolution to about 30 seconds through click-to-merge autofix workflows. | 中 | SU001, SU012 |
| CU020 | Petrosea says its fastest fix happened five seconds after detection and that compliance-reporting time fell by at least 80 percent. | 中 | SU001, SU015 |
| CU021 | n8n reports 92 percent noise reduction with Aikido. | 高 | SU005, SU010 |
| CU022 | Supermetrics reports 75 percent noise reduction and says Aikido integrates directly with CI or CD, Jira, and Slack. | 中 | SU018 |
| CU023 | Pathful says total open issues fell 60 percent over two weeks after adoption. | 中 | SU020 |
| CU024 | Jurimesh says Aikido and Vanta save about 10 to 15 hours per month and strengthen the security validation points needed to win deals. | 中 | SU019 |
| CU025 | Prove says Aikido replaced six separate AppSec tools with one platform. | 中 | SU009 |
| CU026 | Go Autonomous says it left Snyk after a backlog of more than 1,000 vulnerabilities and found Aikido materially more actionable. | 中 | SU013 |
| CU027 | Across fetched customer stories, Aikido is shown against or in place of Snyk, GitHub Advanced Security, Semgrep, Detectify, Tenable, Black Duck, Endor Labs, and various open-source stacks. | 中 | SU002, SU008, SU011, SU013, SU016, SU017 |
| CU028 | Workflow embed is a visible repeat-usage proxy because customers cite integrations into GitHub, GitLab, Azure DevOps, CI/CD, Slack, Jira, Linear, Vanta, and PagerDuty. | 中 | SU005, SU010, SU014, SU016, SU017, SU018, SU019, SU021 |
| CU029 | Compliance and audit readiness are recurring buying triggers across healthtech, HR, legal, education, and transaction-heavy software customers. | 中 | SU008, SU012, SU014, SU019, SU020, SU022 |
| CU030 | Aikido’s public customer proof shows real adoption among software-led digital operators and compliance-sensitive engineering organizations, not only security vendors. | 中 | SU007, SU008, SU010, SU014, SU015, SU016, SU017, SU018, SU019, SU020, SU021, SU022 |
| CU031 | G2 shows a 4.6 out of 5 rating from 139 reviews and summarizes user feedback as easy to use and actionable. | 中 | SU023 |
| CU032 | TrustRadius shows an 8.1 out of 10 score from 2 reviews, which is positive but a very small sample. | 中 | SU024 |
| CU033 | FeaturedCustomers says Aikido has 46 reviews and testimonials, 35 case studies, and 5 customer videos. | 中 | SU025 |
| CU034 | PeerSpot adds another independent review surface for Aikido, but the fetched page was shallow and materially less informative than G2 or TrustRadius. | 低 | SU026 |
| CU035 | G2’s adverse side includes complaints that pricing can be steep for smaller businesses and that larger environments want deeper customization, reporting, or cheaper pentest pricing. | 中 | SU023 |
| CU036 | SourceForge lists 6 user reviews and an overall 5.0 out of 5 score, but it behaves more like a software-directory surface than an audited customer census. | 低 | SU027 |
| CU037 | Public repeat-usage proxies are visible because n8n says the team checks the main feed at least five times a week, Render embeds review and reporting into routine operations, and Jurimesh pushes continuous evidence into Vanta. | 中 | SU010, SU016, SU019 |
| CU038 | No fetched public source discloses exact current paying organizations, NRR, GRR, gross churn, logo churn, contract length, or top-customer concentration. | 中 | SU001, SU003, SU023, SU024 |
| CU039 | The strongest public evidence underwrites product usefulness and deployment depth rather than durable retention economics. | 中 | SU007, SU008, SU010, SU014, SU015, SU016, SU017, SU023, SU024 |
| CU040 | Aikido’s visible expansion vectors are consolidation, workflow integration, enterprise features, and portfolio rollout rather than publicly disclosed seat-expansion metrics. | 中 | SU005, SU006, SU007, SU009, SU016, SU017, SU021 |
| CU041 | Most concrete public references are Aikido-authored customer stories, so the public customer narrative is curated even though it is unusually detailed. | 中 | SU002, SU007, SU008, SU010, SU014, SU015, SU016, SU017, SU021, SU022 |
| CU042 | Because Aikido’s headline 2026 figure is 100,000 plus teams rather than organizations, public materials do not show how many of those teams are inside the same paying customer. | 中 | SU003, SU028, SU030, SU031 |
| CU043 | Aikido’s public customer proof is strongest where security ownership sits close to engineering workflows rather than in purely procurement-led buying motions. | 中 | SU007, SU008, SU010, SU016, SU017, SU018, SU021 |
| CU044 | Aikido still appears useful for smaller or self-serve teams because G2 praises the free tier and the customer page highlights fast onboarding and low-friction rollout. | 中 | SU001, SU023 |
| CU045 | TechCrunch independently reported about 3,000 small-to-midsize customers in 2024, broadly corroborating Aikido’s historical organization-count narrative. | 中 | SU029 |
| CU046 | Yahoo Finance, Tech.eu, and SiliconANGLE all repeated the 2026 narrative that Aikido served more than 100,000 teams and had nearly three-times customer growth. | 中 | SU028, SU030, SU031 |
| CU047 | Smartendr says Aikido’s AI pentest surfaced 54 validated findings and produced a structured report useful in partner, audit, and due-diligence conversations. | 中 | SU022 |
| CU048 | Human Security says Aikido moved application security into CI/CD and expanded coverage across code, SAST, SCA, secrets, containers, and registries. | 中 | SU021 |
| CR001 | Aikido says it does not store customer code after analysis and that repository clones run in temporary docker containers that are removed after scans complete. | 高 | SR001, SR005 |
| CR002 | Aikido says online GitHub integrations do not store refresh or access tokens in its database and that integrations require read-only scope by default. | 高 | SR001, SR005 |
| CR003 | Aikido offers local or on-prem scanning paths, and its pricing page markets local deployment and an internal-app broker for buyers that want code and private assets scanned off the public internet. | 高 | SR001, SR011, SR018 |
| CR004 | Aikido’s trust center says its system and control design were examined against SOC 2 Type II and ISO 27001:2022 requirements. | 中 | SR001 |
| CR005 | Aikido publicly says it runs yearly third-party pentests and maintains a continuous bug bounty program to catch issues early. | 高 | SR001, SR019 |
| CR006 | The Intigriti program applies safe harbour, publishes validation timelines, and advertises rewards up to €2,500, creating a visible external vulnerability-disclosure channel. | 中 | SR019 |
| CR007 | Aikido markets exportable security reports covering SOC 2, ISO 27001, and OWASP Top 10 plus scan history, issue insights, time to fix, SLA compliance, exposure windows, and GDPR data-region monitoring. | 高 | SR001, SR012 |
| CR008 | The public status page currently shows only one named component—Aikido Website—and reports 100% uptime over the visible February-to-May 2026 window. | 中 | SR004 |
| CR009 | Aikido’s privacy policy says GDPR is the main benchmark for its company-wide privacy program and also references CCPA and the UK Data Protection Act as additional principles. | 中 | SR002 |
| CR010 | The privacy policy says Aikido collects work-contact and connection or localization data, does not sell personal information, and shares it with third parties facilitating service delivery. | 中 | SR002 |
| CR011 | Aikido’s privacy and terms pages identify Aikido Security BV at Coupure Rechts 88 in Gent, and independent registry surfaces list the company as active with enterprise number 0792.914.919 and an active LEI record. | 高 | SR002, SR003, SR030, SR031, SR032 |
| CR012 | Aikido’s site terms say the public site is not tailored to HIPAA, FISMA, or GLBA-regulated interactions. | 中 | SR003 |
| CR013 | Aikido’s compliance-reporting docs list customer-facing pages for ISO 27001, SOC 2, OWASP Top 10, CIS, NIS2, NIST 800-53, PCI, HIPAA, DORA, HITRUST, ENS, GDPR, and UK Cyber Essentials. | 中 | SR012 |
| CR014 | Aikido’s OSS Licenses documentation assigns legal risk to detected licenses, supports overrides and internal-package marking, and lets users export SBOMs for audit purposes. | 高 | SR013, SR016 |
| CR015 | Aikido markets reachability-based SCA, AI-assisted fixes, auto-generated pull requests, and SBOM output that it says is compliance-ready for EU CRA and US executive-order needs. | 高 | SR013, SR015 |
| CR016 | Aikido says its SCA intelligence is cross-referenced with NVD, GitHub Advisory, and more than 10 external feeds. | 中 | SR015 |
| CR017 | Aikido’s public product-check documentation spans repository, cloud, container, and domain views plus malware, runtimes, and license reporting. | 高 | SR014, SR015 |
| CR018 | PR Gating checks open-source dependencies, IaC, secrets, SAST, malware, license risk, and code quality before code reaches production. | 高 | SR009, SR014 |
| CR019 | Aikido’s gating options include native GitHub, GitLab, Bitbucket, and Azure integrations as well as CLI and API paths for other CI environments. | 中 | SR009 |
| CR020 | Aikido’s GitHub integration mirrors organizations, repositories, teams, and instant membership changes, tying workspace access directly to GitHub state. | 中 | SR006 |
| CR021 | Outside collaborators do not receive automatic workspace access through Aikido’s GitHub mapping and must be invited by another login path. | 中 | SR006 |
| CR022 | Aikido’s cloud-scanning docs support AWS, Azure, and GCP, including AWS organization and Azure management-group coverage. | 中 | SR007 |
| CR023 | Aikido can create Jira tickets and Slack alerts when new vulnerabilities are found, making remediation workflow integrations part of the operating model. | 中 | SR008 |
| CR024 | Zen Firewall embeds directly into customer code and promises blocking for injection and path-traversal attacks, rate limiting, malicious-traffic blocking, country controls, and outbound monitoring. | 中 | SR010 |
| CR025 | Zen Firewall currently lists support for Node.js, Python, PHP, Java, .NET, Ruby, and Golang beta. | 中 | SR010 |
| CR026 | Aikido’s local-scanning docs warn that Local Scan accounts do not have AutoFix in the UI, creating a parity gap versus the hosted workflow. | 中 | SR011 |
| CR027 | Official customer stories present Aikido as a migration target against tools such as Snyk, GitHub Advanced Security, Semgrep, Checkmarx, Black Duck, Mend, and Veracode. | 中 | SR017 |
| CR028 | Official customer proof and pricing testimonials repeatedly emphasize 75-92% noise reduction, fast onboarding, and very fast remediation as core value claims. | 高 | SR017, SR018 |
| CR029 | Aikido’s enterprise package adds custom SLA, enterprise support, multi-tenant management, local deployment, and brokered scanning for internal applications. | 中 | SR018 |
| CR030 | One pricing-page customer quote says Aikido’s rapid response during the 2025 NPM supply-chain attacks reinforced trust in the platform as an enterprise partner. | 中 | SR018 |
| CR031 | Capterra shows strong feature ratings for vulnerability scanning, application security, cloud application security, auditing, and prioritization, but the public review sample is still small. | 中 | SR020 |
| CR032 | PeerSpot frames Aikido toward non-enterprise SaaS teams of 10-500 developers and describes a product-led growth and freemium motion. | 中 | SR021 |
| CR033 | PeerSpot highlights custom scans via tools like SonarQube and runtime protection via an embedded firewall, while Aikido’s own workflow docs tie the platform into Jira and Slack. | 中 | SR021, SR008 |
| CR034 | TrustRadius describes Aikido as deeply integrated from IDEs and task managers to CI/CD gating, automated compliance, CSPM, and runtime protection. | 中 | SR022 |
| CR035 | A TrustRadius reviewer says they would like Aikido to add RMM agents that report infrastructure statuses back to the Aikido cloud. | 中 | SR022 |
| CR036 | The European Commission’s CRA page says digital products should be designed, updated, and maintained to protect users throughout their lifecycle. | 高 | SR023, SR015 |
| CR037 | ENISA and the European Commission describe NIS2 as expanding scope and strengthening cybersecurity risk-management and reporting obligations across EU entities. | 高 | SR024, SR025 |
| CR038 | EBA and EIOPA describe DORA as a digital-resilience regime for financial entities that includes oversight of critical ICT third-party providers. | 高 | SR026, SR027, SR028 |
| CR039 | Because Aikido markets compliance pages for NIS2, DORA, GDPR, and CRA-linked needs, customers are likely to test not just scanner breadth but whether those mappings stand up during audit and procurement. | 中 | SR012, SR023, SR024, SR026 |
| CR040 | Because Aikido is API-based and integration-heavy across SCM, cloud, ticketing, and CI surfaces while local scanning lacks UI AutoFix, permission changes or privacy-sensitive deployments can directly affect coverage and product parity. | 中 | SR001, SR006, SR007, SR011 |
| CV001 | Aikido raised a $60 million Series B in January 2026 at a $1 billion valuation. | 高 | SV001, SV002, SV003 |
| CV002 | The visible funding path is €5 million seed in 2023, $17 million Series A in 2024, $60 million Series B in 2026, plus approximately €2 million of early convertible funding. | 高 | SV001, SV005, SV032, SV033 |
| CV003 | Public company and media sources say Aikido serves 100,000+ teams globally and grew revenue 5x while more than tripling its customer base over the prior year. | 高 | SV001, SV004 |
| CV004 | BankInfoSecurity reported that Aikido employed 164 people and had raised nearly $85 million in outside funding by January 2026. | 高 | SV001, SV003 |
| CV005 | ARR Club reported that Aikido crossed $10 million ARR in January 2026 and $25 million ARR in April 2026, but those milestones are external signals rather than management-verified disclosure. | 低 | SV006 |
| CV006 | The Belgian BV filing summary shows FY2025 assets of €18.2 million, equity of €14.7 million, and liabilities of €3.48 million. | 中 | SV009 |
| CV007 | The same Belgian filing shows negative gross margin of €3.73 million and operating loss of €4.43 million for the fiscal year ended 2025-01-31, indicating the reporting entity was still in investment mode. | 中 | SV009 |
| CV008 | Companies House filing history shows AIKIDO SECURITY LTD filed a GBP 100,000 statement of capital after an allotment on 9 April 2026 and shortened its accounting period to 31 January 2027. | 高 | SV007, SV008 |
| CV009 | Publicly retained sources do not disclose consolidated GAAP revenue, gross margin, NRR, burn, debt schedule, or liquidation-preference detail for Aikido. | 高 | SV001, SV006, SV008, SV009 |
| CV010 | Aikido's Series A messaging points to a freemium, self-service, developer-led GTM motion rather than an enterprise-only sales model. | 中 | SV032 |
| CV011 | Using the April 2026 ARR Club milestone of $25 million, Aikido's $1 billion valuation implies roughly 40x ARR. | 中 | SV001, SV006 |
| CV012 | Using the January 2026 ARR Club milestone of just above $10 million, the same $1 billion mark implies roughly 100x ARR. | 中 | SV001, SV006 |
| CV013 | CrowdStrike's May 2026 market cap of $164.99 billion and TTM revenue of $4.81 billion imply roughly a 34.3x market-cap-to-revenue proxy. | 高 | SV013, SV014, SV015 |
| CV014 | GitLab's May 2026 market cap of $4.32 billion and TTM revenue of $0.95 billion imply roughly a 4.5x market-cap-to-revenue proxy. | 高 | SV016, SV017, SV018 |
| CV015 | Tenable's May 2026 market cap of $2.77 billion and TTM revenue of $1.02 billion imply roughly a 2.7x market-cap-to-revenue proxy. | 高 | SV019, SV020, SV021 |
| CV016 | Qualys's May 2026 market cap of $3.55 billion and TTM revenue of $0.68 billion imply roughly a 5.2x market-cap-to-revenue proxy. | 高 | SV022, SV023, SV024 |
| CV017 | Palo Alto Networks' May 2026 market cap of $205.11 billion and TTM revenue of $9.89 billion imply roughly a 20.7x market-cap-to-revenue proxy. | 高 | SV025, SV026, SV027 |
| CV018 | Rapid7's May 2026 market cap of $0.47 billion and TTM revenue of $0.85 billion imply roughly a 0.6x market-cap-to-revenue proxy, illustrating how severely security names can de-rate. | 中 | SV028, SV029 |
| CV019 | TechCrunch reported that Snyk hit $300 million ARR and was most recently valued at $7.4 billion, implying roughly a 24.7x ARR private AppSec benchmark. | 中 | SV031 |
| CV020 | Wiz's 2024 $1 billion funding round at a $12 billion valuation marks the highest-quality private security premium benchmark in the retained set. | 中 | SV030 |
| CV021 | May 2026 software multiples were highly dispersed, with growth, profitability, and category positioning driving premiums rather than broad TAM alone. | 中 | SV011, SV012 |
| CV022 | Relative to retained public comparables ranging from roughly 0.6x to 34.3x and private benchmarks around 24.7x, Aikido's public implied 40x-100x ARR band looks stretched. | 高 | SV001, SV006, SV013, SV014, SV016, SV017, SV019, SV020, SV022, SV023, SV025, SV026, SV028, SV029, SV031 |
| CV023 | The current mark is easier to rationalize if Aikido was already near $25 million ARR and much harder to underwrite if the round closed closer to low-teens ARR. | 高 | SV001, SV004, SV006 |
| CV024 | Public evidence confirms financing and growth direction but does not provide enough operating or cap-table detail to underwrite the present price with high conviction. | 高 | SV001, SV003, SV008, SV009 |
| CV025 | The core bull thesis is that Aikido can turn a unified code-to-cloud platform plus AI pentesting into a premium developer-security compounder. | 高 | SV001, SV003, SV032 |
| CV026 | The core anti-thesis is that valuation has outrun public operating proof: ARR remains externally estimated, filing evidence still shows losses, and key SaaS quality metrics are unavailable. | 高 | SV006, SV009, SV001 |
| CV027 | Adverse review evidence indicates some users still see limited API or reporting depth and pricing pressure on lower tiers, which is inconsistent with an unquestioned premium-multiple story. | 低 | SV010 |
| CV028 | No retained public source discloses Aikido's liquidation preferences, anti-dilution structure, or any secondary pricing for late-entry investors. | 中 | SV008, SV009 |
| CV029 | A 2x outcome from a $1 billion entry requires roughly a $2 billion exit, which in turn implies around $100 million ARR at 20x or a similar exceptional strategic premium. | 中 | SV001, SV006, SV017, SV025 |
| CV030 | If Aikido converged toward a GitLab / Qualys-like 4x-5x public multiple on $45 million ARR, equity value would sit roughly around $180 million to $225 million. | 中 | SV016, SV017, SV022, SV023 |
| CV031 | If Aikido reaches roughly $80 million to $100 million ARR and still earns an 18x-20x premium, valuation could land around $1.4 billion to $2.0 billion. | 中 | SV013, SV014, SV025, SV026 |
| CV032 | A reasonable base case is roughly $45 million to $60 million ARR valued at 10x-12x, implying about $450 million to $720 million of value. | 中 | SV011, SV012, SV016, SV017 |
| CV033 | A bear case of roughly $25 million to $35 million ARR at 5x-7x implies only about $125 million to $245 million of value. | 中 | SV015, SV018, SV022, SV029 |
| CV034 | For new-money investors using only public evidence, the current valuation should be treated as stretched rather than attractive. | 中 | SV001, SV006, SV013, SV016, SV022, SV028 |
| CV035 | Existing insiders may rationally hold exposure because recent capital and visible momentum still leave room for upside if Aikido proves premium economics later. | 中 | SV001, SV003, SV024 |
| CV036 | Aikido does not appear IPO-ready on public evidence; strategic optionality or another private round looks more plausible than a near-term listing. | 高 | SV001, SV008, SV009 |
| CV037 | The UK entity formation and subsequent capital filings suggest Aikido is still organizing an international reporting perimeter rather than presenting a mature public-company structure. | 高 | SV007, SV008, SV009 |
| CV038 | The highest-priority missing diligence items are consolidated ARR / revenue, gross margin, retention, and the preference stack. | 高 | SV006, SV008, SV009, SV001 |
| CV039 | Comparable analysis for private AppSec remains partial because many peers disclose either a valuation or an ARR milestone, but not both on the same timeline. | 中 | SV019, SV020, SV030, SV031 |
| CV040 | The 2026 software-multiple environment argues for discounting, not premiuming, companies whose growth may be strong but whose profitability and retention are still undisclosed. | 中 | SV011, SV012 |
| CV041 | Aikido's official Series B narrative makes AI penetration testing and self-securing software the main mechanism for future premium growth. | 高 | SV001, SV002 |
| CV042 | Without evidence that AI pentesting materially improves ARPU, retention, or gross margin, the upside case remains narrative rather than proof. | 高 | SV001, SV009, SV010 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Aikido Security | About | Aikido Security | Founded in Ghent, Belgium, Aikido Security builds developer-first security products, with a vision for self-securing software. |
| SO002 | Aikido Security | Careers | Aikido Security | Remote-friendly, with a home base in Belgium and regular company offsites to bring everyone together. |
| SO003 | Aikido Security | Pricing | Aikido Security | Free plan (free forever, incl. 2 users, 10 repos, and more). |
| SO004 | Aikido Security | Customers | In just 45 minutes, we onboarded 150+ developers with Aikido. |
| SO005 | Aikido Security | Press Kit | Aikido Security | Founded in Ghent, Belgium, Aikido Security builds developer-first security products, with a vision for self-securing software. |
| SO006 | Aikido Security | Aikido Security Raises $60M at a $1B valuation | Today, Aikido is used by 100,000+ teams globally, including customers like the Premier League, SoundCloud, Niantic, and Revolut. |
| SO007 | Aikido Security | We just raised our $17 million Series A | We've raised $17M to bring no BS security to devs. |
| SO008 | PR Newswire | Aikido Security raises €5m to offer best-in-class noise reduction in its security solution for growing SaaS businesses | Aikido Security is on a mission to deliver the best noise reduction in a 9-in-1 security platform. |
| SO009 | PR Newswire | Aikido lands $17M Series A to bring it's 'no BS' security platform for developers to SMEs world-wide | Launched in April 2023, Aikido is already used by over 3,000 organizations and 6,000 developers. |
| SO010 | Yahoo Finance / GlobeNewswire | Aikido Security Raises $60 Million Series B at $1 Billion Valuation to Lead Software Security | Aikido Security has raised $60 million USD in a Series B funding round at a $1 billion valuation, led by DST Global. |
| SO011 | TechCrunch | Belgium's Aikido lands $17M Series A for its 'no BS' security platform aimed at developers | We are the no BS platform. |
| SO012 | EU-Startups | Ghent-based Aikido secures over €16 million to bring it’s security platform for developers to SMEs world-wide | The investment will go towards developing the functionality of the software and further growing the Aikido customer base. |
| SO013 | Tech Funding News | Aikido Security lands $17M to globalise its expand security platform for developers to SMEs | |
| SO014 | PSG Equity | Aikido Security announces $60m Series B investment, with participation from PSG Equity | Aikido Security announces $60m Series B investment, with participation from PSG Equity. |
| SO015 | SiliconANGLE | Aikido Security raises $60M round at $1B valuation to unify application security | |
| SO016 | The Next Web | Belgian cybersecurity startup becomes unicorn | |
| SO017 | Tech.eu | $60M Series B propels Aikido into the global unicorn ranks | |
| SO018 | BankInfoSecurity | Aikido Gets $60M Series B to Scale, Automate AI Pen Testing | Aikido, founded in 2022, employs 164 people and has raised nearly $85 million in four rounds of outside funding. |
| SO019 | Solutions Magazine | Aikido Security, Belgium's seventh unicorn | Founded in Ghent in 2022 by Willem Delbare, Roeland Delrue, and Felix Garriau, Aikido Security develops a security platform used by 25,000 organizations worldwide. |
| SO020 | MandA | How a Belgian cybersecurity start-up scored a record venture capital deal | Initially, the business was self-funded, but the founders went on to successfully raise 2 million euros in convertible loans in an angel round in their first year. |
| SO021 | G2 | Aikido Security Pros and Cons: Top Advantages and Disadvantages | Users note limited features in Aikido, especially regarding API functionalities and reporting on lower-tier plans. |
| SO022 | Capterra | Aikido Security Software Pricing, Alternatives & More 2026 | Capterra | |
| SO023 | SourceForge | Aikido Security | Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast automatic vulnerability fixes. |
| SO024 | Help Net Security | Aikido Infinite introduces continuous, self-remediating AI penetration testing | Aikido Security has unveiled Aikido Infinite, a continuous AI penetration testing solution that autonomously validates and remediates vulnerabilities. |
| SO025 | Security Systems News | Aikido Security acquires Allseek and Haicker | Aikido Security has announced the acquisition of AI-native penetration testing platform developers Allseek and Haicker. |
| SO026 | FinTech Global | Aikido Security secures $60m to advance autonomous security | |
| SO027 | The Manila Times / GlobeNewswire | Aikido Security Introduces Aikido Infinite, Delivering the Industry’s First Self-Securing Software Solution | |
| SO028 | Aikido Security | Aikido Infinite: Continuous AI Pentesting for Every Release | Security capacity doesn't scale with shipping, which is why the testing model must change. |
| SO029 | Aikido Security | Aikido Infinite | Aikido Security | Autonomous agents pentest every deployment, validate exploitability, generate patches, and retest the fix, all before code hits production. |
| SM001 | Aikido Security | Code to Cloud Security for Your Startup | |
| SM002 | Aikido Security | Aikido for Enterprise | |
| SM003 | Aikido Security | AppSec for FinTech - Aikido Security | |
| SM004 | Aikido Security | AppSec for Your Agency - Aikido Security | |
| SM005 | Aikido Security | Application Security Platform - Aikido Security | |
| SM006 | Aikido Security | ASPM (Application Security Posture Management) | Aikido | |
| SM007 | Aikido Security | Vulnerability Management Platform - Aikido Security | |
| SM008 | Aikido Security | Technical Vulnerability Management | Aikido Security | |
| SM009 | Aikido Security | Partners | Aikido Security | |
| SM010 | Aikido Security | Aikido Security + Vanta - Effortless technical vulnerability management | |
| SM011 | Aikido Security | Aikido + Drata integration | |
| SM012 | Aikido Security | Aikido + Sprinto integration | |
| SM013 | Aikido Security | Attack Surface Management - Aikido Security | |
| SM014 | Aikido Security | API Security Testing & API Fuzz Testing | Aikido Security | |
| SM015 | Aikido Security | Dynamic Application Security Testing (DAST) Tool | Aikido Security | |
| SM016 | Aikido Security | Aikido, the | |
| SM017 | Aikido Security | Aikido, the | |
| SM018 | Aikido Security | Aikido, the | |
| SM019 | Aikido Security | Aikido, the | |
| SM020 | Mordor Intelligence | Application Security Market Size, Scope, Demand Report 2031 | |
| SM021 | Fortune Business Insights | Application Security Market Size, Share | Industry Forecast 2034 | |
| SM022 | MarketsandMarkets | Application Security Market Report 2026-2031, by Components, Geo, Tech | |
| SM023 | Legit Security / Latio | Application Security Market Report 2026 | |
| SM024 | CISA | Software Bill of Materials (SBOM) | CISA | |
| SM025 | European Commission | Cyber Resilience Act | |
| SM026 | Coherent Market Insights | Application Security Market Size, YoY Growth Rate, 2026-2033 | |
| SM027 | Latio | 2026 Latio Application Security Report | |
| SM028 | OWASP Foundation | OWASP Top Ten Web Application Security Risks | OWASP Foundation | |
| SP001 | Aikido Security | Aikido, the | |
| SP002 | Aikido Security | Aikido, the | |
| SP003 | Aikido Security | Aikido, the | |
| SP004 | Aikido Security | Aikido, the | |
| SP005 | Aikido Security | Aikido, the | |
| SP006 | Aikido Security | Aikido vs Checkmarx | Aikido | |
| SP007 | Aikido Security | Aikido vs Semgrep | Aikido Security | |
| SP008 | Aikido Security | Aikido vs Endor Labs | |
| SP009 | Aikido Security | The all-round Jit alternative | Aikido Security | |
| SP010 | Aikido Security | Aikido, the | |
| SP011 | Snyk | Snyk Plans and pricing | |
| SP012 | Snyk | Open Source Security Management | Snyk | |
| SP013 | GitHub Docs | About GitHub Advanced Security - GitHub Docs | |
| SP014 | GitHub | GitHub Advanced Security · Built-in protection for every repository | |
| SP015 | Orca Security | Trusted Cloud Security Platform | Orca Security | |
| SP016 | Veracode | Platform | Veracode | |
| SP017 | Semgrep | Pricing and Plans | AppSec Platform SAST, SCA, and Secrets | |
| SP018 | Semgrep | Overview | Semgrep | |
| SP019 | Checkmarx | Agentic AI Cloud-Based AppSec Platform Pricing | Checkmarx One Cost | |
| SP020 | Endor Labs | AURI | AI-Native Application Security Platform | Endor Labs | |
| SP021 | Endor Labs | Pricing | Endor Labs | AI-Native Application Security Platform | |
| SP022 | Jit | Jit Platform | Orchestrate Product Security Execution | |
| SP023 | Apiiro | Platform | |
| SP024 | GitLab | Pricing | |
| SP025 | AppSec Santa | AppSec Tool Pricing Guide: Costs by Category (2026) | |
| SP026 | AppSec Santa | Aikido Alternatives: Top Competitors (2026) | AppSec Santa | |
| SI001 | Aikido Security | Pricing | Aikido Security | Local (On-Prem) Deployment and Multi Tenant Portal appear as enterprise services alongside a transparent pricing page. |
| SI002 | Aikido Security | About | Aikido Security | $85M funding raised; 200+ employee size; 100k+ teams protected. |
| SI003 | Aikido Security | Customer Stories | In just 45 minutes, we onboarded 150+ developers with Aikido. |
| SI004 | Aikido Security | Partners | Aikido Security | Earn commissions, grow your revenue, and get support from our no-nonsense enablement and co-sell motions. |
| SI005 | Aikido Security | Code to Cloud Security for Your Startup | |
| SI006 | Aikido Security | Aikido for Enterprise | Aikido has an enterprise-tailored plan for 2000 repos, 1000 containers, 100 cloud accounts and 500 users. |
| SI007 | Aikido Security | Aikido Security Raises $60M at a $1B valuation | |
| SI008 | Aikido Security | We just raised our $17 million Series A | We’re freemium, self-service, and open about what is under the hood and how much it’ll cost you. |
| SI009 | PR Newswire | Aikido Security raises €5m to offer best-in-class noise reduction in its security solution for growing SaaS businesses | |
| SI010 | PR Newswire | Aikido lands $17M Series A to bring it's 'no BS' security platform for developers to SMEs world-wide | |
| SI011 | Yahoo Finance / GlobeNewswire | Aikido Security Raises $60 Million Series B at $1 Billion Valuation to Lead Software Security | |
| SI012 | TechCrunch | Belgium's Aikido lands $17M Series A for its 'no BS' security platform aimed at developers | |
| SI013 | BankInfoSecurity | Aikido Gets $60M Series B to Scale, Automate AI Pen Testing | Aikido, founded in 2022, employs 164 people and has raised nearly $85 million in four rounds of outside funding. |
| SI014 | Solutions Magazine | Aikido Security, Belgium's seventh unicorn - Solutions Magazine | Aikido, which had raised $24 million before the latest round of financing, saw its revenue increase fivefold last year, with about half coming from the United States. |
| SI015 | MandA | How a Belgian cybersecurity start-up scored a record venture capital deal - MandA | Initially, the business was self-funded, but the founders went on to successfully raise 2 million euros in convertible loans in an angel round in their first year. |
| SI016 | Companies House | AIKIDO SECURITY LTD overview - Find and update company information | |
| SI017 | Companies House | AIKIDO SECURITY LTD filing history - Find and update company information | |
| SI018 | Staatsbladmonitor | AIKIDO SECURITY BV STAATSBLAD PUBLICATIES en JAARREKENINGEN (BE0792914919) | |
| SI019 | Aikido Security | Aikido Security + Vanta - Effortless technical vulnerability management | |
| SI020 | Aikido Security | Aikido + Drata integration | |
| SI021 | Aikido Security | Aikido + Sprinto integration | |
| SI022 | SourceForge | Aikido Security | Free plan (free forever, incl. 2 users, 10 repos, and more); Basic plan $350/month; Pro $700/month; Advanced $1050/month. |
| SI023 | Capterra | Aikido Security Software Pricing, Alternatives & More 2026 | Capterra | |
| SI024 | G2 | Aikido Security Pros and Cons: Top Advantages and Disadvantages | Users note limited features in Aikido, especially regarding API functionalities and reporting on lower-tier plans. |
| SI025 | ARR Club | Aikido at a 500% revenue growth — Aikido | Jan 25, 2026 Aikido ARR hit $10M+; Apr 23, 2026 Aikido ARR hit $25M. |
| SI026 | Companies House | AIKIDO SECURITY LTD people - Find and update company information | |
| SI027 | Aikido Security | Aikido, The Unified Security Platform | Aikido Security | |
| SI028 | Aikido Security | Aikido Infinite | Aikido Security | |
| SI029 | Companies House | AIKIDO SECURITY LTD persons with significant control - Find and update company information | |
| SE001 | Aikido Security | SAST Platform - Static Code Analysis | Aikido Security | Aikido positions SAST as low-noise static analysis with AI triage and one-click AutoFix. |
| SE002 | Aikido Security | Software Composition Analysis (SCA) | Aikido Security | The SCA surface emphasizes reachability, malware blocking, and lower alert noise. |
| SE003 | Aikido Security | Secrets Scanning & Detection Software | Aikido Security | |
| SE004 | Aikido Security | Infrastructure as Code (IaC) | Aikido Security | |
| SE005 | Aikido Security | Cloud Security Posture Management (CSPM) | Aikido Security | The product is described as agentless and built on minimal read-only cloud permissions. |
| SE006 | Aikido Security | API Security Testing & API Fuzz Testing | Aikido Security | |
| SE007 | Aikido Security | Zen, Your In-App Firewall | Aikido Security | Zen is positioned as an in-app firewall rather than a network-edge appliance. |
| SE008 | Aikido Security | Trust Center | Aikido Security | Aikido says it is SOC 2 Type II and ISO 27001:2022 certified, read-only by default, and does not store customer code after analysis. |
| SE009 | Aikido Security | Open Source | Aikido Security | |
| SE010 | Aikido Security | AI at Aikido | Aikido says AI is used from IDE assistance and AutoFix to runtime monitoring and pentesting workflows. |
| SE011 | Aikido Security | SBOM Generator: Software Bill of Materials | Aikido Security | The SBOM use case explicitly names CycloneDX, SPDX, CSV, and VEX-style workflows. |
| SE012 | Aikido | How Does Zen Work? | Aikido | The docs explain Zen by tracing user-controlled input to dangerous sinks inside the app. |
| SE013 | Aikido | Code Scanning Overview | Aikido | |
| SE014 | Aikido | Cloud Scanning Overview | Aikido | |
| SE015 | Aikido | Container Image Scanning Overview | Aikido | |
| SE016 | Aikido | Coverage and Findings | Aikido | |
| SE017 | Aikido | Reports | Aikido | The docs enumerate reports including security audit, trends, malware monitor, runtimes and frameworks, SLA, team comparison, and compliance outputs. |
| SE018 | Aikido | How Aikido Uses AI | Aikido | |
| SE019 | GitHub | Aikido Security · GitHub | The public GitHub org shows 56 repositories, making developer distribution a visible part of the company footprint. |
| SE020 | GitHub | Aikido Security · GitHub Marketplace · GitHub | The marketplace listing is verified and shows tens of thousands of installs. |
| SE021 | GitHub | GitHub - AikidoSec/safe-chain | Safe Chain is described as free to use, tokenless, and protective across npm-family and Python package tools. |
| SE022 | GitHub | GitHub - AikidoSec/firewall-node | |
| SE023 | GitHub | GitHub - AikidoSec/firewall-python | |
| SE024 | GitHub | GitHub - opengrep/opengrep | The README describes Opengrep as a consortium-backed static analysis engine with open governance and LGPL commitments. |
| SE025 | Opengrep | Opengrep - The open-source code security engine | |
| SE026 | Help Net Security | Aikido Infinite introduces continuous, self-remediating AI penetration testing | |
| SE027 | Security Systems News | Aikido Security acquires Allseek and Haicker | Security Systems News | |
| SE028 | BankInfoSecurity | Aikido Gets $60M Series B to Scale, Automate AI Pen Testing | The funding is framed as fuel to scale and automate AI-driven penetration testing. |
| SE029 | G2 | Aikido Security Pros and Cons | User Likes & Dislikes | Reviewers praise breadth and ease of use, while still flagging API and reporting limitations and occasional noise. |
| SE030 | Capterra | Aikido Security Software Pricing, Alternatives & More 2026 | Capterra | |
| SE031 | SourceForge | Aikido Security Reviews in 2026 | |
| SE032 | The Manila Times / GlobeNewswire | Aikido Security Introduces Aikido Infinite, Delivering the Industry’s First Self-Securing Software Solution | |
| SU001 | Aikido Security | Customers | Aikido Security | In just 45 minutes of internal training, we were able to onboard more than 150 developers. |
| SU002 | Aikido Security | Customer Stories | Aikido Security | Visma rolled out a unified SCA & SAST solution across 200 portfolio companies and 6,000 devs. |
| SU003 | Aikido Security | Aikido Security Raises $60M at a $1B valuation | Today, Aikido is used by 100,000+ teams globally, including customers like the Premier League, SoundCloud, Niantic, and Revolut. Over the past year, we grew revenue 5x and more than tripled our customer base. |
| SU004 | Aikido Security | We just raised our $17 million Series A | In less than a year since our launch, we are already used by over 3,000 organizations and 6,000 individual developers. |
| SU005 | Aikido Security | Pricing | Aikido Security | Aikido has been easy to roll out and pleasant to use. Its noise reduction features have helped us tremendously in focusing on the most important issues. |
| SU006 | Aikido Security | Aikido for Enterprise | Aikido Security | Aikido has an enterprise-tailored plan for 2000 repos, 1000 containers, 100 cloud accounts and 500 users. |
| SU007 | Aikido Security | Visma customer story | Aikido Security | With 15,000 employees (6,000 of whom are developers) and a dedicated security team of 100 people, security is at the core of their operations. |
| SU008 | Aikido Security | Oviva customer story | Aikido Security | Oviva onboarded more than 75 developers and connected over 200 repositories within a few weeks. |
| SU009 | Aikido Security | Prove customer story | Aikido Security | In one environment, for AppSec alone, we had six different tools. Each producing its own alerts, dashboards and workflows. |
| SU010 | Aikido Security | n8n customer story | Aikido Security | With 92% noise reduction, we got used to the quiet quickly. Now I wish it was even quieter! It’s a massive productivity and sanity boost. |
| SU011 | Aikido Security | AutoStore customer story | Aikido Security | Most of the GitLab integration was done by one security engineer, with little help, in just a few weeks. This included about 100 repositories and 100 developers. |
| SU012 | Aikido Security | Birdie customer story | Aikido Security | With Aikido, we can fix an issue in just 30 seconds – click a button, merge the PR, and it’s done. |
| SU013 | Aikido Security | Go Autonomous customer story | Aikido Security | We had over a thousand vulnerabilities and a huge backlog. We didn’t even know which ones were actionable. |
| SU014 | Aikido Security | Simployer customer story | Aikido Security | The speed to resolution is incredible. We’ve fixed issues in under a minute. Aikido creates the pull request, tests pass, and it’s done. |
| SU015 | Aikido Security | Petrosea customer story | Aikido Security | The fastest time we fixed a vulnerability was just 5 seconds after detection. That is efficiency. |
| SU016 | Aikido Security | Render customer story | Aikido Security | With around 50 developers working across roughly 30 active repositories, the team needs tooling that provides consistent coverage without creating constant maintenance work. |
| SU017 | Aikido Security | HeyJobs customer story | Aikido Security | Today the platform monitors 95 repositories, 31 container registries and nine connected cloud environments. |
| SU018 | Aikido Security | Supermetrics customer story | Aikido Security | We’ve seen a 75% reduction in noise using Aikido so far. |
| SU019 | Aikido Security | Jurimesh customer story | Aikido Security | The biggest win is time saved: 10–15 hours per month, nearly half a week of a developer’s time. |
| SU020 | Aikido Security | Pathful customer story | Aikido Security | We’ve seen a 60% reduction in total issues over the past two weeks. That’s a big deal. |
| SU021 | Aikido Security | Human Security customer story | Aikido Security | Aikido brings all of our application security into the CI/CD pipeline, expanding coverage and cutting down noise. |
| SU022 | Aikido Security | Smartendr customer story | Aikido Security | The AI pentest ran against Smartendr’s application and surfaced 54 validated findings. |
| SU023 | G2 | Aikido Security Reviews & Product Details | Users consistently praise the ease of use and intuitive interface of Aikido Security ... However, some users note that the pricing structure may be steep for smaller businesses. |
| SU024 | TrustRadius | Aikido Security Reviews & Ratings 2026 | TrustRadius | Score 8.1 out of 10 ... 2 Reviews and Ratings. |
| SU025 | FeaturedCustomers | 86 Aikido Customer Reviews & References | FeaturedCustomers | Read 46 Aikido reviews and testimonials from customers, explore 35 case studies and customer success stories, and watch 5 customer videos. |
| SU026 | PeerSpot | Aikido Security reviews 2026 | |
| SU027 | SourceForge | Aikido Security Reviews, Competitors and Pricing | 6 User Reviews ... Overall 5.0 / 5. |
| SU028 | Yahoo Finance / GlobeNewswire | Aikido Security Raises $60 Million Series B at $1 Billion Valuation to Lead Software Security | Aikido counts the Premier League, Niantic, Revolut, and SoundCloud as customers, with more than 100,000 teams using the platform globally. |
| SU029 | TechCrunch | Belgium’s Aikido lands $17M Series A for its no-BS security platform aimed at developers | The company already has 3,000 small-to-midsize customers. |
| SU030 | Tech.eu | $60M Series B propels Aikido into the global unicorn ranks | Today, Aikido is used by more than 100,000 teams worldwide, including organisations such as the Premier League, SoundCloud, Niantic, and Revolut. |
| SU031 | SiliconANGLE | Aikido Security raises $60M round at $1B valuation to unify application security | The new funding comes after a year in which Aikido has seen rapid growth, including times revenue growth and nearly three-times customer growth, with more than 100,000 teams using the platform globally. |
| SR001 | Aikido Security | Trust Center | Aikido Security | Aikido does not store your code after analysis and says integrations are read-only by default. |
| SR002 | Aikido Security | Aikido Privacy Policy | Aikido Security | Aikido says GDPR is the main benchmark for its company-wide privacy program. |
| SR003 | Aikido Security | Terms of Use | Aikido Security | The site terms say the public site is not tailored to HIPAA, FISMA, or GLBA use cases. |
| SR004 | Aikido Security | Aikido Security status | The public status page shows Aikido Website at 100% uptime over the visible window. |
| SR005 | Aikido Security Docs | Aikido Never Stores Your Code | Some jobs require a git clone, but Aikido says code is not stored after analysis. |
| SR006 | Aikido Security Docs | GitHub Integration: Authentication and User Management | Aikido mirrors GitHub organizations, repositories, teams, and membership changes. |
| SR007 | Aikido Security Docs | Connect Your Cloud | The cloud docs link onboarding for AWS, Azure, and Google Cloud, including org-level coverage. |
| SR008 | Aikido Security Docs | Jira Cloud and Slack | Aikido can create Jira tickets and Slack messages when new vulnerabilities are found. |
| SR009 | Aikido Security Docs | PR Gating Overview | PR Gating covers SCA, IaC, Secrets, SAST, malware, license risks, and code quality issues. |
| SR010 | Aikido Security Docs | Getting Started with Zen Firewall | Zen Firewall embeds into application code and supports Node, Python, PHP, Java, .NET, Ruby, and Golang beta. |
| SR011 | Aikido Security Docs | Account Creation for Local Scanning | Local Scan accounts do not have access to AutoFix within the UI. |
| SR012 | Aikido Security Docs | Compliance Reporting | Aikido lists compliance pages for NIS2, DORA, GDPR, HIPAA, PCI, and other frameworks. |
| SR013 | Aikido Security Docs | OSS Licenses | The Licenses & SBOM page assigns legal risk to licenses and supports SBOM export. |
| SR014 | Aikido Security Docs | Aikido Security Checks | Aikido organizes checks across repository, cloud, container, and domain views. |
| SR015 | Aikido Security | Software Composition Analysis (SCA) | Aikido Security | Aikido says its SCA cross-references NVD, GitHub Advisory, and 10+ external feeds. |
| SR016 | Aikido Security | Open Source License Scanner & Compliance | Aikido Security | Aikido markets license-risk management and SBOM generation for compliance. |
| SR017 | Aikido Security | Customer Stories | Customer stories show migrations from tools such as Snyk, GitHub Advanced Security, Semgrep, and Veracode. |
| SR018 | Aikido Security | Pricing | Aikido Security | Enterprise services include custom SLA, enterprise support, local deployment, and an internal-app broker. |
| SR019 | Intigriti | Aikido Security: Bug Bounty Program - Intigriti | The program applies safe harbour and pays up to €2,500, with published validation timelines. |
| SR020 | Capterra | Aikido Security Software Pricing, Alternatives & More 2026 | Capterra | Capterra shows strong feature ratings but only a small number of public reviews. |
| SR021 | PeerSpot | Aikido Security Reviews, Competitors and Pricing | PeerSpot frames Aikido toward non-enterprise SaaS teams of 10-500 developers. |
| SR022 | TrustRadius | Aikido Security Reviews & Ratings 2026 | TrustRadius | A reviewer says it would be nice to add RMM agents that report infrastructure statuses to the Aikido cloud. |
| SR023 | European Commission | Cyber Resilience Act | The CRA requires digital products to be designed, updated, and maintained to protect users. |
| SR024 | ENISA | Network and Information Systems Directive 2 (NIS2) | ENISA describes NIS2 as expanding scope and strengthening obligations across the EU. |
| SR025 | European Commission | Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) - FAQs | The Commission FAQ explains the NIS2 Directive’s scope and main obligations. |
| SR026 | European Banking Authority | Digital Operational Resilience Act | European Banking Authority | DORA establishes a comprehensive digital-operational-resilience framework for EU financial entities. |
| SR027 | European Banking Authority | DORA oversight | European Banking Authority | DORA creates an EU-wide oversight framework for critical ICT third-party providers. |
| SR028 | EIOPA | Digital Operational Resilience Act (DORA) | EIOPA says growing dependence on technology makes financial entities vulnerable to cyber incidents. |
| SR029 | FPS Economy Belgium | Search in the Crossroads Bank for Enterprises (CBE) | The English version of the CBE public search is unofficial and for information purposes only. |
| SR030 | Staatsblad Monitor | AIKIDO SECURITY BV STAATSBLAD PUBLICATIES en JAARREKENINGEN (BE0792914919) | The page lists Aikido Security as an active BV with enterprise number 0792.914.919 and address Coupure 88, Gent. |
| SR031 | LEI Lookup | Aikido Security - LEI: 699400E5YPMHFRISO315 | LEI Lookup | The LEI record lists Aikido Security as ACTIVE and registered at the Crossroad Bank of Enterprises. |
| SR032 | Companyweb | Aikido (SRL) - Gent (9000) - BE0792914919 | Companyweb lists Aikido Security as active, established on 26-10-2022, with last balance sheet year 2025. |
| SV001 | Aikido Security | Aikido Security Raises $60M at a $1B valuation | Today, we’re excited to announce Aikido has raised a $60M Series B at a $1B valuation. |
| SV002 | Yahoo Finance / GlobeNewswire | Aikido Security Raises $60 Million Series B at $1 Billion Valuation to Lead Software Security | |
| SV003 | BankInfoSecurity | Aikido Gets $60M Series B to Scale, Automate AI Pen Testing | Aikido, founded in 2022, employs 164 people and has raised nearly $85 million in four rounds of outside funding. |
| SV004 | Solutions Magazine | Aikido Security, Belgium's seventh unicorn - Solutions Magazine | Aikido saw its revenue increase fivefold last year, with about half coming from the United States. Its customer base has nearly tripled. |
| SV005 | MandA | How a Belgian cybersecurity start-up scored a record venture capital deal - MandA | Initially, the business was self-funded, but the founders went on to successfully raise 2 million euros in convertible loans in an angel round in their first year. |
| SV006 | ARR Club | Aikido at a 500% revenue growth — Aikido | Apr 23, 2026 Aikido ARR hit $25M. Jan 25, 2026 Aikido ARR hit $10M+. |
| SV007 | Companies House | AIKIDO SECURITY LTD overview - Find and update company information | |
| SV008 | Companies House | AIKIDO SECURITY LTD filing history - Find and update company information | Current accounting period shortened from 30 April 2027 to 31 January 2027; statement of capital following an allotment of shares on 9 April 2026 GBP 100,000. |
| SV009 | Staatsbladmonitor | AIKIDO SECURITY BV STAATSBLAD PUBLICATIES en JAARREKENINGEN (BE0792914919) | 2025-01-31 assets €18,204,968; brutomarge €-3,733,554; bedrijfswinst €-4,426,116; eigen vermogen €14,728,177. |
| SV010 | G2 | Aikido Security Pros and Cons: Top Advantages and Disadvantages | Users note limited features in Aikido, especially regarding API functionalities and reporting on lower-tier plans. |
| SV011 | Multiples.vc | Public Software Valuation Multiples — May 2026 | Software multiples in May 2026 show clear segmentation across infrastructure, vertical, and horizontal categories. |
| SV012 | Aventis Advisors | SaaS Valuation Multiples: 2015-2026 | From 2015 to 2020, the median EV/Revenue multiple for public SaaS companies rose steadily. |
| SV013 | CompaniesMarketCap | CrowdStrike (CRWD) - Market capitalization | As of May 2026 CrowdStrike has a market cap of $164.99 Billion USD. |
| SV014 | CompaniesMarketCap | CrowdStrike (CRWD) - Revenue | As of May 2026 CrowdStrike's TTM revenue is $4.81 Billion USD. |
| SV015 | U.S. Securities and Exchange Commission | crwd-20260131 | |
| SV016 | CompaniesMarketCap | GitLab (GTLB) - Market capitalization | As of May 2026 GitLab has a market cap of $4.32 Billion USD. |
| SV017 | CompaniesMarketCap | GitLab (GTLB) - Revenue | As of May 2026 GitLab's TTM revenue is $0.95 Billion USD. |
| SV018 | U.S. Securities and Exchange Commission | gtlb-20260131 | |
| SV019 | CompaniesMarketCap | Tenable (TENB) - Market capitalization | As of May 2026 Tenable has a market cap of $2.77 Billion USD. |
| SV020 | CompaniesMarketCap | Tenable (TENB) - Revenue | As of May 2026 Tenable's TTM revenue is $1.02 Billion USD. |
| SV021 | U.S. Securities and Exchange Commission | tenb-20251231 | |
| SV022 | CompaniesMarketCap | Qualys (QLYS) - Market capitalization | As of May 2026 Qualys has a market cap of $3.55 Billion USD. |
| SV023 | CompaniesMarketCap | Qualys (QLYS) - Revenue | As of May 2026 Qualys's TTM revenue is $0.68 Billion USD. |
| SV024 | U.S. Securities and Exchange Commission | qlys-20251231 | |
| SV025 | CompaniesMarketCap | Palo Alto Networks (PANW) - Market capitalization | As of May 2026 Palo Alto Networks has a market cap of $205.11 Billion USD. |
| SV026 | CompaniesMarketCap | Palo Alto Networks (PANW) - Revenue | As of May 2026 Palo Alto Networks's TTM revenue is $9.89 Billion USD. |
| SV027 | U.S. Securities and Exchange Commission | panw-20250731 | |
| SV028 | CompaniesMarketCap | Rapid7 (RPD) - Market capitalization | As of May 2026 Rapid7 has a market cap of $0.47 Billion USD. |
| SV029 | CompaniesMarketCap | Rapid7 (RPD) - Revenue | Rapid7's current revenue (TTM) is $0.85 Billion USD. |
| SV030 | Wiz | Celebrating Our $1 Billion Funding Round and $12 Billion Valuation | Wiz has raised $1 billion at a $12 billion valuation. |
| SV031 | TechCrunch | Exclusive: Snyk hits $300M ARR but isn't rushing to go public | Snyk, the developer security startup most recently valued at $7.4 billion, hit $300 million ARR recently. |
| SV032 | Aikido Security | We just raised our $17 million Series A | We’re freemium, self-service, and open about what is under the hood and how much it’ll cost you. |
| SV033 | PR Newswire | Aikido Security raises €5m to offer best-in-class noise reduction in its security solution for growing SaaS businesses |