Most cybersecurity companies still sell the same way they did years ago.
You fill out a form, wait for a reply, sit through qualification calls, book a demo, negotiate pricing, and only then get a chance to see whether the product is useful.
Aikido went in the opposite direction.
In just three and a half years, the company scaled to more than $40 million in ARR in one of the most sales-heavy categories in software. That result did not come from copying the standard enterprise security playbook. It came from rebuilding the buying experience around product, speed, and trust.
What makes the story especially interesting is that Aikido was not started by longtime security insiders. It was started by operators who had felt the pain of buying and using security tools themselves.
Here is what made the company grow so quickly.
The Pain That Sparked Aikido
Aikido came out of direct frustration.
Before starting the company, the founders had spent years building SaaS products. In one of those businesses, they were handling highly sensitive customer data, including salary information, addresses, and emergency contacts. Security mattered, but the tooling was a mess.
They ended up using around eight different products across code scanning, cloud security, identity, and dynamic testing. That stack created a second problem: it needed humans just to operate it. Teams had to learn each tool, maintain each workflow, and spend huge amounts of time triaging alerts.
That last part became the breaking point.
Security tools are infamous for false positives, and the more software you ship, the more noise you create. At one point, the work became so repetitive and draining that a security engineer quit because the job had turned into endless alert review.
That was the insight. The problem was not that companies lacked security products. The problem was that the available products created too much friction, too much noise, and too much operational overhead.
So Aikido was built as the tool the founders wished they had when they were buyers.
Why Cybersecurity Needed a PLG Rethink
The traditional cybersecurity buying process is broken in ways many software categories have already moved past.
The typical journey is slow, opaque, and expensive. Buyers often have to go through multiple calls before seeing the product. Pricing is hidden. Trials are limited or gated. By the time a team gets hands-on access, weeks may have passed.
That model also inflates cost. A large share of the contract value often goes to sales and marketing rather than product delivery. For smaller and mid-sized software companies, that becomes hard to justify fast. When security spend starts consuming an outsized share of revenue, something feels off.
Aikido took a simpler view: let people try the product, publish pricing, and adapt to how the customer wants to buy.
If a prospect wants a demo, give them a demo. If they want to explore alone and pay by card, let them do that. If they never want a sales call, respect that.
That flexibility matters because the company is selling into developers as much as security teams. Developers usually do not want to be dragged through a long buying process. They want to connect a repo, test the product, and see whether it works.
Aikido reduced the distance between curiosity and value. That is a major reason the product-led motion works in a category where many assumed it would not.
Trust in Security Without Heavy Sales
Security is a trust-heavy category, so a lighter buying motion only works if credibility shows up fast.
Aikido built that trust in a few practical ways.
First, the product had to work exactly as users expected. That sounds obvious, but in security it is hard. There are many edge cases, integrations, and compatibility issues that can break a self-serve experience. The team spent close to a year getting the setup and product flow to a point where users could click through and get value quickly.
Second, they treated trust as a product and brand problem, not just a sales problem.
That meant investing early in visible signals like:
- a trust center
- transparent architecture explanations
- clear communication about how code is handled
- early compliance work around SOC 2 and ISO
- customer logos and case studies
- open support access when buyers wanted help
This approach worked especially well for developer audiences. Developers often prefer to validate trust through experience first. If the product installs easily, works cleanly, and the company is transparent about how it operates, confidence grows much faster.
The broader lesson is useful beyond cybersecurity: in product-led companies, trust often has to be earned before the first conversation, not during it.
What Drove Aikido’s Fast Growth
There was no single growth hack behind the run to $40 million ARR.
The biggest driver was that the business was designed for scale from the start.
Because customers can evaluate and buy without heavy handholding, growth does not require a huge services layer. Aikido still supports enterprise buying cycles, but the product can carry much more of the load than a traditional security vendor.
That creates two advantages.
One is efficiency. The company does not need to manually push every lead through the funnel.
The other is speed. Buyers can get to value much faster than they can with competitors. In some enterprise evaluations, teams finished testing Aikido while still trying to get competing products set up. That speed can decide the deal before a formal comparison is even complete.
Fast time-to-value is one of the most underrated weapons in B2B software. Many companies complain that their sales cycle is too long while ignoring how many hoops they built into the path.
Aikido shortened the path, and that made the whole motion easier to scale.
Compliance and AI Fueling Demand
Aikido also benefited from strong market tailwinds.
Software development keeps expanding. Open source usage keeps growing. AI tools are helping more people ship software. That means more code, more cloud infrastructure, more APIs, and more surface area to secure.
At the same time, compliance requirements are spreading downmarket. Standards like SOC 2 and ISO 27001 are no longer concerns reserved for large enterprises. Smaller SaaS companies increasingly need them too, either because customers demand them or because the market expects them.
That creates a compounding demand loop. One company gets compliant and then expects its vendors to meet the same bar. Those vendors then push the requirement further outward.
Security tools that generate evidence, run checks, and support compliance workflows become more necessary as that loop expands.
In other words, Aikido is operating where several trends overlap:
- more software being built
- more security risk from open source and cloud environments
- more compliance obligations
- more urgency from AI-driven software creation
That is a strong place to be.
Building a Security Platform Day One
Aikido made another unusual bet early: build a platform, not a point solution.
In many software categories, buyers are tired of stitching together dozens of narrow tools. Cybersecurity has been especially fragmented, which makes consolidation attractive if one vendor can deliver high quality across modules.
That is the challenge, of course. Platform strategies often fail when breadth comes at the expense of quality.
Aikido’s answer was organizational. Each module is treated almost like its own mini startup with deep technical ownership, while central product and architecture leadership ensure everything fits together cleanly.
That structure helps the company avoid becoming a pile of disconnected features.
It also fits the segment they serve best. Mid-market companies often need broad coverage, but they usually do not have the wildly complex edge cases of the Fortune 500. That gives Aikido room to deliver a unified platform that is both useful and manageable.
And because customers compare modules directly against specialists, the feedback stays honest. If a module is not good enough, buyers say so quickly.
Brownfield vs Greenfield Growth
One of the smartest ideas in the conversation was the distinction between brownfield and greenfield growth.
Aikido started in brownfield territory. It entered an existing market and displaced tools companies were already using. That path is harder in some ways because incumbents are entrenched, but it is also more predictable. Buyers can clearly explain what is missing and what it would take for them to switch.
That creates a practical feedback loop for product teams.
Greenfield markets move differently. They form around new capabilities that did not really exist before, often creating much faster growth for the early winners. In AI, many of the breakout companies are operating in greenfield territory.
Aikido is now starting to move into that faster-moving space with AI-native security capabilities such as AI pen testing.
The company’s position today is a hybrid: a strong brownfield base with an expanding greenfield opportunity on top. That combination may matter a lot. The existing platform gives stability, while the newer AI products create access to faster growth curves.
For founders, the takeaway is clear. Brownfield markets can be a strong way to build traction and learn. Greenfield opportunities can accelerate growth later if the company is ready to move.
A Practical View of AI in Security
Aikido’s view on AI is more measured than the usual hype cycle.
In security, full AI replacement is not always the right answer. Some tasks benefit from deterministic scanners because they are fast, predictable, and binary. A control either passes or fails. A check either finds the issue or it does not.
Other tasks benefit from AI, especially when context, judgment, or false-positive reduction matter. That is where AI can improve triage, analysis, and exploratory testing.
So the likely future is hybrid.
Deterministic systems will keep handling the jobs they are best at. AI will increasingly handle the jobs where flexibility and reasoning matter more. Over time, those experiences may blend together so smoothly that users stop caring which layer is doing the work.
That is a practical stance, and probably a durable one.
Can AI Replace Human Pen Testing?
According to Roeland and Aikido, for a typical SaaS business with a web app or API and a standard annual pentest requirement for SOC 2 or ISO, AI pen testing can already replace a large portion of human work. That is a meaningful shift because those engagements used to require agencies, calendars, and expensive manual effort.
But the replacement is not universal.
Highly specialized environments still create edge cases where human experts matter more. Large banks, custom internal infrastructure, unusual network setups, and ultra-sensitive systems are harder to automate fully. There are also institutional barriers. Certifications and standards bodies still tend to assume a human-led process, which slows adoption even when the technology is ready.
So the near-term future looks uneven. Standardized testing will move toward AI quickly. Expert-led work for unusual or critical cases will likely stay human for longer.
That pattern shows up in many industries, and cybersecurity seems headed the same way.
The Bigger Lesson
Aikido’s growth story is not just about security.
It is about what happens when a company enters a stale category and removes friction buyers have learned to tolerate. Faster setup, transparent pricing, strong product quality, and trust built into the experience can create a huge advantage even in markets that seem dominated by enterprise sales.
The company also shows that product-led growth does not mean sales disappears. It means the product carries more of the journey, while the team steps in where help actually adds value.
That distinction matters.
Aikido did not win by rejecting enterprise needs. It won by respecting buyer preferences, compressing time-to-value, and building a platform that made security easier to adopt and easier to manage.
That is a powerful formula in any category where the old way still feels harder than it should.
Resources
- 🚀 Aikido Security: https://www.aikido.dev/
- 💼 Connect with Roeland Delrue on LinkedIn: https://www.linkedin.com/in/roelanddelrue/
- 💼 Connect with Wes Bush on LinkedIn: https://www.linkedin.com/in/wesbush/
- 💼 Connect with Esben Friis-Jensen on LinkedIn: https://www.linkedin.com/in/esbenfriisjensen/
- 🧠 Sign up for the ProductLed Newsletter: https://www.productled.com/newsletter
Want to build your own product-led growth engine?
Aikido is a strong reminder that product-led growth can work in categories many people assume require heavy sales.
If you want to build a product that earns trust faster, gets users to value sooner, and scales without adding friction at every step, ProductLed has resources to help:
- 👉 Book a Free Growth Session to get personalized advice on your biggest PLG challenges
- 👉 Join the ProductLed MBA™ and learn the frameworks top product-led companies use to scale
- 👉 Download the ProductLed Playbook for free resources you can apply right away
- 👉 Subscribe to the newsletter for weekly insights on building smarter
