    Aikido Security

    Secure your code, cloud, and runtime in one central system. Transparent flat-rate pricing to suit any size, with a free-forever developer plan.

    Ratings and reviews

    4.6
    150 ratings
    2 star
    1 star
    77%
    21%
    1%
    0%
    0%
    2 AWS reviews | 148 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (150)
    Financial Services

    Aikido: All-in-One Security Platform with Excellent UX and Time-Saving Autofix

    Reviewed on Jun 30, 2026
    Review provided by G2
    What do you like best about the product?
    Aikido makes security incredibly easy for developers. It combines all the tools into one platform and gives you what you need without gating important features behind enterprise tiers. The UX is excellent, and the reachability analysis and autofix save a ton of time. Everything is much easier to set up compared to Snyk, where I’m constantly fighting configuration. I also love that they keep shipping new features and functionality.
    What do you dislike about the product?
    I really have no complaints. I wish every company would use it.
    What problems is the product solving and how is that benefiting you?
    Shifts security left in app development by integrating SAST, DAST, SCA, endpoint scanning, and code review, placing all findings in GitHub so developers can act on them easily.
    Sayak H.

    Developer-First Security with a Unified Dashboard and Seamless Git Workflows

    Reviewed on Jun 26, 2026
    Review provided by G2
    What do you like best about the product?
    I really like its developer-first approach. The UI is easy to navigate and provides a unified dashboard, so as a user I don’t need to jump between multiple tools. Seamless Git workflows are another great aspect. It also uses AI to reduce false positives and to explain the real mitigations for the issues it surfaces.
    What do you dislike about the product?
    The only major issue I faced is its reduced capability to scan complex mechanisms. In addition, the limited options for customizing reports are also an issue for me as a user.
    What problems is the product solving and how is that benefiting you?
    It solves the challenge of monitoring multiple security tools by bringing them together under one roof. Support has been excellent as well; we’ve received timely resolutions on multiple occasions.
    Sunil D.

    Developer-First Security Platform with Seamless Integrations and Actionable AI

    Reviewed on Jun 25, 2026
    Review provided by G2
    What do you like best about the product?
    What I like most about Aikido Security is its developer-first approach. Rather than forcing developers to juggle multiple separate security tools, Aikido brings application security, dependency scanning, and cloud security together in a single platform.
    Aikido's use of AI to make security more actionable.
    Another aspect I appreciate is the emphasis on UI/UX. Security tools are most effective when they're easy to use.
    Aikido performance is equally important. Security scanning integrates seamlessly into the development workflow without slowing down developers or CI/CD pipelines.
    I appreciate Aikido's integrations with tools that developers already use, such as GitHub, GitLab, and CI/CD platforms.
    Finally, I think Aikido's pricing model is attractive because it makes enterprise-grade application security more accessible to companies that may not have the budget for multiple specialized security products.
    What do you dislike about the product?
    There are still areas where the product can improve. Some advanced enterprise features and integrations could be expanded further. More customization in dashboards, reporting and alerting would be useful for larger organizations.
    What problems is the product solving and how is that benefiting you?
    Aikido Security solves the problem of fragmented application security. Instead of using separate tools for SAST, dependency scanning, and secrets detection, it brings everything into one platform.
    Jonathon K.

    AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos

    Reviewed on Jun 25, 2026
    Review provided by G2
    What do you like best about the product?
    The AI code review catches things I'd miss as a solo developer — dependency vulnerabilities, AWS misconfigurations, and outdated packages across multiple repos. As a bootstrapped founder managing several Laravel applications, having automated scanning in the background means I'm not relying on my own eyes for everything. The deeper AI reviews have been especially useful for catching logic-level issues, not just dependency problems.
    What do you dislike about the product?
    Honestly my only real complaint has ever been the pricing structure, which seems to favor larger teams. As a solo dev, a tier built more around independent developers would be nice — but to be fair, that's not unique to Aikido at all. Plenty of SaaS companies price the same way (Intercom, HubSpot, Datadog, and most security tooling all skew toward bigger teams), so it's an understandable tradeoff and never enough to outweigh what I get out of it.
    What problems is the product solving and how is that benefiting you?
    It automates the dependency scanning. I've used their more in-depth AI code review as well and it's been incredibly helpful as well.
    Aman Raj Pandey

    Automated code reviews have accelerated security checks and reduced manual analysis time

    Reviewed on Jun 14, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Aikido Security is to perform SAST, security code review of codes provided by developers, and SCA determination or dependency checks.

    I used Aikido Security during an engagement where I performed SAST on a code to review what flags or vulnerabilities are part of the codebase. I identified many critical and high-level vulnerabilities, which helped to further mitigate those so that in production, there are no such issues.

    Additionally, I perform SCA determination with Aikido Security to check that dependencies are not vulnerable in nature, ensuring all are safe and no vulnerabilities are present in the dependencies.

    What is most valuable?

    Aikido Security offers the best features including being very easy to use, allowing even a normal tech person with some hands-on experience to use this tool and clearly get the results they want. If we go for DAST also, it is very good.

    The ease of use of Aikido Security helps my daily workflow since I can upload my whole codebase, and it will identify at each line where the vulnerabilities are present and provide recommendations to fix and related vulnerabilities, detailing what those vulnerabilities are and how they will impact the whole code or the infrastructure.

    Aikido Security has positively impacted my organization by reducing a lot of work to manually check each line of code; the process goes on and on. Iterations have increased due to manual work, but the iterations which earlier took around seven to eight are now only taking two to three. Using that, a lot of our time gets saved.

    For a secure code review or SAST, usually we are taking around seven to ten days, but using Aikido Security, we complete the activity within two to three days.

    What needs improvement?

    I think Aikido Security could improve by reducing some pricing model. I checked the pricing, but it is a little high for a normal person if a single person wants to use it for themselves. Pricing is quite high for a normal user, and if they can make it a little less, it will be much better.

    I started with a free tier, which could include some features of DAST so that users can understand how it will work when a person purchases a license for Aikido Security. This way, new users will be much more aware of the good features of this product, demonstrating that this tool will definitely help them.

    Aikido Security's pricing model is a little bit high for a normal person, around $250 per month. If you have a small team, you can definitely go for that and work within their designated period of time. However, if you are a normal person just wanting to perform DAST for entry-level and understand its workings, you can choose the free tier, which also provides a lot of information.

    For how long have I used the solution?

    I have been using Aikido Security for the last four to five months.

    What do I think about the stability of the solution?

    Aikido Security is very stable.

    What do I think about the scalability of the solution?

    Aikido Security is quite scalable in nature; you can deploy it on your team, and if you have a large team, it works very well.

    How are customer service and support?

    Customer support is good; if you raise a query, hardly within a day, your issues get resolved, and designated teams contact you instantly, with tickets getting created and all the tracking happening very smoothly.

    Which solution did I use previously and why did I switch?

    I haven't used a different solution, but I have heard about Checkmarx and other tools; however, they don't seem to perform well. I definitely used Aikido Security, and after that, I don't want to switch to any other. It is very good.

    What was our ROI?

    You can say we have seen a return on investment in time saved. Regarding pricing, I don't know how much ROI we have saved, but you can say the task, which usually took around seven to eight days, now takes two to three days, hardly three days. Within that, we just complete the task using Aikido Security, so we save around three to four days.

    Which other solutions did I evaluate?

    Before choosing Aikido Security, I evaluated other options such as Checkmarx, Semgrep, and SonarLint. These are in the market, but Aikido definitely performs better than all of them, and its customer support is very good. That's why I chose Aikido Security. I compared online reviews, and Aikido seems to be very promising in that nature, so I chose Aikido Security from my point of view.

    What other advice do I have?

    Regarding Aikido Security's accuracy and reliability of output, I can say its reliability is 80 to 90%. It definitely works and delivers very good results, easily identifying if you need clarification with the type of vulnerability it has identified and providing a more detailed review of each of them.

    If a person is looking for a SAST, DAST, and a complete combination of a pack of security tools, then Aikido Security is best. It helps to perform SAST, DAST, which is dynamic application testing, and most tools don't combine all of them in one. You can also scan your cloud and your infrastructure as code things, covering all the wide areas of your project, so that type of person can definitely choose Aikido Security.

    I would rate my overall experience with Aikido Security as an 8 out of 10.

    Abdulmunafz Mct

    Automated security checks have saved time and provide clear insights into vulnerabilities

    Reviewed on Jun 13, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use Aikido Security for identifying security vulnerabilities in code and dependencies and cloud configurations. In my full-stack project, Aikido Security helped to detect the vulnerable packages and security issues before deployment, thereby improving application security. It also provides actionable recommendations that make it easier to fix issues quickly during deployment.

    What is most valuable?

    Aikido Security offers vulnerability scanning, dependency monitoring, cloud security insights, cloud security checks, and an easy-to-use dashboard. The Aikido Security dashboard updates frequently, so I am able to access information in case of emergency or urgent situations. The dashboard itself is in a neat format and very clear-cut, so I am able to use it in an easy manner.

    It saves time by prioritizing importance and security issues and reducing alert failures. Aikido Security has improved my project security by helping me identify issues early and increasing my confidence before deployment. My favorite feature is the dependency vulnerability scanning because it quickly identifies the risk in third-party packages, which saves me time in finding vulnerabilities.

    What needs improvement?

    I think Aikido Security could be improved with more detailed remediation guidance, such as additional beginner-friendly tutorials and enhanced customization for alerts and reporting. There is room for improvement in customization, reporting, and learning resources for new users.

    For how long have I used the solution?

    I have been working with Aikido Security for approximately one to one and a half years in my current field.

    What do I think about the stability of the solution?

    I do not think Aikido Security has any downtime or issues with reliability. The platform has been reliable and provides accurate security findings. I have not faced any downtime or issues with it, and Aikido Security is fully stable.

    What do I think about the scalability of the solution?

    Aikido Security scales well by supporting multiple projects, repositories, and development teams on a single platform.

    How are customer service and support?

    I have not reached out to customer support, but the documentation and onboarding resources were helpful.

    Which solution did I use previously and why did I switch?

    Before Aikido Security, I mainly relied on manual checks and basic security tools, which were less comprehensive. I was supporting multiple projects and repositories through manual methods and basic security tools that were less comprehensive.

    How was the initial setup?

    I use Aikido Security in the cloud-hosted SaaS version, which was easy to set up and access.

    What about the implementation team?

    Aikido Security has great accuracy in finding vulnerabilities and management. The reliability has been very useful with remediation guidance, providing accurate security findings with helpful remediation.

    What was our ROI?

    Aikido Security is an investment that saved my time by automating security checks and helping identify issues early before they become costly problems.

    What's my experience with pricing, setup cost, and licensing?

    With Aikido Security pricing, I have not used any paid version yet and am using the free version, which is very useful for my experience. Aikido Security is delivering a cloud-based SaaS platform. I used the free trial, which was sufficient for evaluating the platform and its core features. It saved my time by automating security checks.

    What other advice do I have?

    Aikido Security saved me several hours each week by automating vulnerability scanning and security checks, reducing the need for manual review and helping me focus on more development.

    If you are starting out, use Aikido Security early in development to catch security issues sooner and build more secure applications. Aikido Security provides strong visibility into security risk, vulnerability management, and compliance-related insights in governance and security. I would rate this product an 8 out of 10.

    B Goswami

    Security has shifted left and now catches vulnerabilities early in our development workflow

    Reviewed on Jun 12, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I have been using Aikido Security for approximately more than one year, primarily for securing our development pipelines and scanning our codebase for vulnerabilities across multiple projects.

    The use case is definitely developer-first vulnerability management. Aikido Security nests directly in our development workflow and it catches security issues before they reach production. It integrates with GitHub very well. Pull requests get automatically scanned. From that point of view, security becomes part of development rather than an afterthought.

    What is most valuable?

    I used it mainly for three things. The first one is static code analysis, open-source dependency vulnerability scanning, and container image scanning. It has become our primary security layer in our development workflow.

    When talking about the features, there are several powerful features they have. The first one is static application security testing or SAST. It scans source code for vulnerabilities automatically.

    It identifies vulnerable open-source dependencies in our project. Container scanning checks Docker images for known vulnerabilities before deployment. Infrastructure as code scanning scans Terraform and other IaC files for misconfigurations.

    The unique feature is secret detection, which automatically finds accidentally committed API keys, passwords, or tokens in code. Also, Auto-Triage intelligently filters false positives so developers only see real, actionable issues.

    The impact was significant and immediate. Security shifted left, meaning issues were caught during development rather than after deployment. That alone reduced our remediation costs dramatically, since fixing issues early is always cheaper than fixing them in production. Developer confidence has increased. The team members felt more secure pushing code knowing Aikido Security was continuously scanning. Our comprehensive posture improved with clear visibility into all vulnerabilities across our entire codebase, which made security audits much smoother as well.

    What needs improvement?

    There are a few areas for improvement. The first is scan speed. For large repositories, initial scans can be slow. Incremental scanning helps, but full scans still take considerable time. The second thing is the false positive rate. While Auto-Triage is good, it is not perfect. Occasionally, genuine issues get filtered out and real false positives slip through. The third one is remediation guidance. Aikido Security tells you what is vulnerable, but sometimes the fix suggestions are generic. More specific, actionable remediation steps would save developer time. The fourth one is IDE integrations. It currently works best in CI/CD pipelines. A proper VS Code or JetBrains plugin for real-time scanning while coding would be a significant improvement.

    From a customer point of view, the following things could change. The first thing is documentation for custom rules. Aikido Security allows you to create custom scanning rules, but the documentation for this feature is surprisingly thin. I spent considerable time in community forums and with trial and error just to configure basic custom rules. Step-by-step guides with real-world examples would make this feature much more accessible. The second thing is better Slack and communication integrations. Currently, security alerts come through email and dashboard notifications, but our team lives in Slack. A more configurable Slack integration that sends contextual alerts directly to the relevant developer, not just a generic channel notification, would dramatically improve response time. The third one is historical trend reporting. While Aikido Security shows current vulnerability status well, generating historical reports showing security posture improvement over time is limited. For presenting security progress to management or stakeholders, better exportable trend reports would be very valuable.

    For how long have I used the solution?

    I have been working with Aikido Security for more than two years.

    What do I think about the stability of the solution?

    Aikido Security is stable.

    What do I think about the scalability of the solution?

    From an integration stability perspective, the GitHub integration was rock solid. I never experienced a broken webhook or missed scan trigger throughout our use. That kind of reliability becomes invisible when it works well, which is exactly what you want from a security tool running in your CI/CD pipelines. However, there are two minor stability observations worth mentioning. The first one is during peak hours when multiple large repositories triggered simultaneous scans, there were occasional queuing delays of five to ten minutes. Not a deal-breaker, but noticeable. The second thing is, on two occasions after product updates, the dashboard briefly displayed stale vulnerability data before refreshing. A minor issue, but slightly concerning for a security platform where data freshness matters.

    How are customer service and support?

    The customer support experience was genuinely positive, especially for a relatively young company. Onboarding support was excellent. Their team proactively reached out after signup to ensure we were set up correctly. Response time for support tickets averaged twelve to twenty-four hours, which is faster than most enterprise security tools. The documentation is clear and well-maintained. Their changelog is also very transparent, with regular product updates and clear explanations. I would rate support an eight out of ten, one of the better support experiences in the developer tools space.

    Which solution did I use previously and why did I switch?

    I did a thorough evaluation before choosing Aikido Security. I looked at several alternatives. The first one was Snyk, which was my previous tool. Snyk is the market leader in developer security and has excellent dependency scanning. However, the pricing was significantly higher, especially as our repository count grew. Alert noise was also a consistent frustration, with too many false positives requiring manual triage. Aikido Security's Auto-Triage was noticeably better in our testing. The second thing is Semgrep. It is also a very powerful static analysis tool and highly customizable, but the customizability that makes it powerful also makes it complex to configure. For my small team, I needed something that worked well out of the box without significant configuration overhead. Semgrep felt more suited to large security teams with dedicated AppSec engineers. I chose Aikido Security because it is the best one.

    How was the initial setup?

    I purchased directly through Aikido Security's website. The signup and onboarding process was very straightforward. Connecting my GitHub organization, I was scanning within minutes, with no complex procurement process needed. Aikido Security's pricing setup follows a repository-based pricing model. The cost scales with the number of repositories being scanned. For small teams, the entire price is very reasonable. The setup cost was essentially zero, with no professional services or implementation fees. The self-service onboarding took less than thirty minutes to connect all repositories and configure scan rules. Licensing is a straightforward annual or monthly subscription, with no per-user fees, which is developer-friendly. Overall, it is one of the most transparent and accessible pricing models I have seen in the security tools space.

    What was our ROI?

    The return on investment with Aikido Security was very clear and measurable across multiple dimensions. First and most significant is the cost of prevented breaches. Aikido Security caught a critical remote code execution vulnerability in my Python machine learning pipelines before it reached production. Industry estimates put the average cost of a data breach for a small to mid-sized company at anywhere between one hundred thousand to five hundred thousand dollars. When you factor in incident response, legal costs, customer notification, and reputation damage, preventing even one such incident more than justified my entire annual subscription many times over. The second one is developer time savings. Before Aikido Security, my senior developers spent roughly six to eight hours per week manually reviewing code for security issues and triaging vulnerability alerts from multiple tools. After Aikido Security, that dropped to approximately one to two hours per week, a saving of nearly seventy-five percent of security review time. Across a team of five developers, over a year, that translated to hundreds of recovered engineering hours redirected towards actual product development. The third one is tool consolidation savings. I replaced Snyk and a separate secret scanning tool with Aikido Security alone. That consolidation saved approximately four hundred to five hundred dollars monthly in subscription costs while actually improving our security coverage.

    Which other solutions did I evaluate?

    My relationship with Aikido Security is purely as a customer. There is no partnership, no reseller agreement, no referral agreement, and no affiliate relationships of any kind beyond my standard subscription. Everything I shared in this interview is based entirely on genuine, hands-on experience, and my opinions are completely my own.

    What other advice do I have?

    I have several practical pieces of advice for anyone considering Aikido Security. The first one is to connect all repositories from day one, not just your main production ones. Security vulnerabilities hide in unexpected places such as internal tools, side projects, and experimental repositories. Full coverage from the start gives you complete visibility. The second one is to spend time configuring Auto-Triage rules early. The default settings are good, but customizing triage rules for your specific tech stack significantly reduces noise. Invest that configuration time up front, and you will thank yourself later. The third one is to integrate with your existing workflow immediately. Connect Aikido Security to your GitHub pull request process from day one. Make security scanning a non-negotiable part of every code review. If you add it as optional, it will get ignored. Use it as a developer education tool. Aikido Security does not just find vulnerabilities; it explains why they are dangerous. Encourage developers to read those explanations. Over time, our entire team's security knowledge improved naturally. I would rate this product an eight out of ten overall.

    Samir Patil

    Automated pull requests have accelerated vulnerability remediation and achieved rapid compliance

    Reviewed on Jun 09, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I used Aikido Security at my previous organization for almost two to three weeks because we had to achieve SOC 2 compliance for our current codebase.

    The main use case for Aikido Security was to resolve the vulnerabilities in the packages we were using. I wanted to remove the vulnerabilities from them and update to the latest stable version. A couple of code changes along with package changes were also involved.

    Aikido Security helped me with the vulnerabilities and package updates through a simple workflow where I just had to open Aikido Security dashboard, connect my GitHub account, select the repository and scan it. After scanning it, Aikido Security would raise a PR for each vulnerability, specifying what those vulnerabilities were. I would then merge the PR, and it would also run the test cases that I already had attached to my codebase.

    Regarding my main use case with the workflow, the process was straightforward. However, there was one minor issue that I faced. When I had a UUID for an object in the code, Aikido Security was considering it as a secret key, which it was not. This was a false positive alarm, but it was not a major issue and merely feedback I wanted to provide.

    What is most valuable?

    The best features Aikido Security offers include instantly raising PR by just identifying the vulnerabilities.

    When I say instant raising of PR, it helped my workflow by making the process super easy and quick. Initially, I thought I would need to pick the right vulnerability from the internet, update my codebase accordingly, and then ask an engineer to do it. This usually takes about three or four days for one vulnerability, and maybe a week for a bunch of vulnerabilities. However, with Aikido Security it took me two to three hours.

    Aikido Security has positively impacted my organization significantly because initially we were thinking it would take a month for us to achieve SOC 2 compliance again. With Aikido Security, we were able to get all codebase vulnerability fixes within a week for all our 13 or 14 repositories that we had.

    What needs improvement?

    To improve Aikido Security, the main thing I would suggest is regarding the UUID that was being flagged in the codebase. I had a certain object with a UUID that was being considered as a private secret key or API key, which was not the case. It was a false positive alarm, and if Aikido Security solves that, then it will be perfectly fine.

    For how long have I used the solution?

    I have been using Aikido Security for around two to three weeks.

    What do I think about the stability of the solution?

    Aikido Security is stable.

    What do I think about the scalability of the solution?

    Aikido Security is pretty scalable. We did not encounter any problems, so it worked seamlessly for us.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution.

    Before choosing Aikido Security, we tried GitHub Copilot and observed how the GitHub Copilot agent performed. It did a horrible job, so we moved to Aikido Security.

    What was our ROI?

    I have seen a return on investment with time saved. We needed fewer employees because of that as well. We got SOC 2 compliant very fast with Aikido Security. We were expecting to complete the compliance in a month, but I figured out Aikido Security could do it within a week for all our 13 repositories.

    What other advice do I have?

    My advice for others looking into using Aikido Security is that you should give it a try. Aikido Security will resolve all your vulnerabilities quickly, and if you have test cases already written in your branch, it will do a pretty good job. I would rate this solution a 9 out of 10.

    Dylan E.

    Effortless Security Testing with Comprehensive Coverage

    Reviewed on May 04, 2026
    Review provided by G2
    What do you like best about the product?
    I find Aikido Security's automated security testing suite to be quite extensive and a real value for the price, especially compared to others. It covers everything needed for DevSecOps, including SAST, SCA, DAST, Container Scanning, and VM scanning, all running automatically with little configuration hassle. The ease of integration with code repositories and hosting providers is a major plus, plus setting up was simpler compared to other vendors. The process is straightforward: integrate your repositories and servers, and it works with minimal setup. I also appreciate how similar issues are grouped together in the findings, which simplifies management. The automatic picking up of changes by developers speeds up our ability to fix issues, reducing security risks effectively.
    What do you dislike about the product?
    The Aikido Agent uses quite a lot of RAM, meaning we need to keep that in mind for our production servers. There were a few instances where support was not super helpful, but also other times they were fine.
    What problems is the product solving and how is that benefiting you?
    Aikido Security automates security testing with comprehensive scans, helping us find and fix vulnerabilities efficiently. It integrates with our repositories, speeding up our time to address issues and reducing risk from cybercrime. The setup is straightforward and requires minimal configuration.
    Kasala A.

    Fast, Easy Security Scanning Across Repos and IDEs with Great Aikido Support

    Reviewed on Apr 08, 2026
    Review provided by G2
    What do you like best about the product?
    Good, gives the latest security vulnerabilities from all code repos and platforms (Java, Python) and checks with the latest Maven Central.

    UI is good and easy to go through
    Easy to integrate with multiple IDEs
    It's quick and scans fast
    Have good support from the Aikido team via Slack channels, etc.
    Has AI intelligent scanning support and reports vulnerabilities and suggestions
    What do you dislike about the product?
    Not much, everything is going good, but sometimes scans take older vulnerabilities, and EOL issues can be ignored.
    What problems is the product solving and how is that benefiting you?
    Code scanning and repositories with zero vulnerabilities, identifying critical, high, medium, low, etc., and able to give proper suggestions for vulnerability fixes.