Fight AI with AI. Root now runs inside Claude Code and Codex

Attackers are moving at AI speed. Most enterprise defenders are still moving at ticket speed. These plugins are how we close that gap.

Beatriz Datangel Rodgers

Head of Product Marketing

Published: Apr 28, 2026

On offense: attackers are pairing AI with vulnerability research and package hijacking. The TeamPCP campaign that hit Trivy, axios, LiteLLM, and Checkmarx KICS in Q1 was AI-accelerated end to end. It won't be the last.

On defense: enterprise CISOs are largely sitting this one out. The posture is still "AI is the risk, so we restrict it." The attackers get faster, the defenders get slower, and the gap widens every quarter.

That's the asymmetry we're closing today.

What's new

Root now runs inside Claude Code and Codex. When your AI coding agent edits a dependency manifest, our plugins check every package against Root's patch catalog and offer to apply backported fixes inline. Your agent pulls a package, Root's agent checks it, the patch flows back through the same conversation. AI on one side, AI on the other. Deployable by any developer in under a minute.

How it works

When your AI assistant edits a package manifest (package.json, pom.xml, requirements.txt, pyproject.toml, Pipfile), rootio_patcher runs in dry-run mode, counts vulnerable packages with available Root patches, and notifies the assistant. The assistant offers to apply. You approve. The lockfile updates. You keep coding.

No version bumps. No upgrade treadmill. Root patches are backported to the exact version you're running, so fixes land without breaking your build.

Using Root in Claude Code

Claude Code uses a PostToolUse hook. Grab an API key from the authentication docs, then:

```bash
curl -fsSL https://raw.githubusercontent.com/rootio-avr/root-ai/main/install.sh | ROOTIO_API_KEY=<your-key> bash
```

That installs the rootio_patcher CLI, plugin, hook, skill, and registry config for npm, Maven, and pip. Restart Claude Code and you're live.

A real interaction:

  1. You ask Claude Code to add a dependency. It edits package.json.

  2. The hook fires. rootio_patcher npm remediate --dry-run runs in the background.

  3. Claude: "Found 3 vulnerable packages with Root patches available. Apply them?"

  4. You say yes. Claude runs the patcher and npm install. Done.

Trigger manually anytime: "Check for Root patches." Full setup in the Claude Code docs.
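The gating step described above (scan only when the agent's edit touched a dependency manifest) can be expressed as follows. This is an added example, not Root's hook code. It assumes the hook event carries `hook_event_name`, `tool_name` and `tool_input.file_path`; the function names and the vendored-directory skip list are hypothetical, and only the npm dry-run command shown in this post is used.

```python
import json
import os

# Manifest names listed in this post, mapped to the ecosystems it names.
MANIFESTS = {
    "package.json": "npm",
    "pom.xml": "maven",
    "requirements.txt": "pip",
    "pyproject.toml": "pip",
    "Pipfile": "pip",
}
# Assumption of this example: manifests inside installed third-party code
# are not the project's own and should not trigger a scan.
VENDORED = {"node_modules", ".venv", "venv", "site-packages"}
FILE_TOOLS = {"Edit", "MultiEdit", "Write"}  # tools that write files


def ecosystem_for(path):
    """Return the ecosystem for a manifest path, or None if it is not one."""
    parts = os.path.normpath(path).split(os.sep)
    if any(part in VENDORED for part in parts[:-1]):
        return None
    return MANIFESTS.get(parts[-1])


def plan_scan(event):
    """Return (ecosystem, argv) for an event that warrants a scan, else None.

    argv is filled only for npm, the one dry-run invocation the post shows;
    other ecosystems get argv=None instead of a guessed subcommand.
    """
    if event.get("hook_event_name") != "PostToolUse":
        return None
    if event.get("tool_name") not in FILE_TOOLS:
        return None
    path = (event.get("tool_input") or {}).get("file_path")
    if not isinstance(path, str):
        return None
    eco = ecosystem_for(path)
    if eco is None:
        return None
    argv = ["rootio_patcher", "npm", "remediate", "--dry-run"] if eco == "npm" else None
    return eco, argv


if __name__ == "__main__":
    # Constructed sample event; a real hook reads the event JSON from stdin.
    sample = json.loads('{"hook_event_name": "PostToolUse", "tool_name": "Edit",'
                        ' "tool_input": {"file_path": "/work/app/package.json"}}')
    print(plan_scan(sample))
```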

Using Root in Codex

Codex uses a plugin manifest. Commit this to your project's marketplace.json (or your personal one):

```json
{
  "plugins": [
    {
      "name": "rootio-patcher",
      "source": "https://github.com/rootio-avr/root-ai",
      "path": "platforms/codex"
    }
  ]
}
```

Codex loads the rootio-patcher skill whenever you touch a dependency file, asks to scan, and offers to apply Root patches if any surface. Here's an actual run:

Full setup in the Codex docs.

Safe AI adoption, for real

"Safe AI adoption" usually ends at restricting tools. That slows your engineers without slowing the attackers using AI against them.

The right frame is narrower: can your engineers use AI coding agents with a safety harness that catches malware in the dependencies those agents pull? That's what these plugins do. Malware protection, built into the authoring loop.

Root's platform runs on AI agent swarms that backport CVEs in 15 to 40 minutes. Not achievable with manual engineering. It's the only way defense matches the speed of the offense, and these plugins push that capability into the exact place developers spend their day.

Build your own

Not using Claude Code or Codex? The same patch data is in the Root REST API:

The call

Your engineers are already using Claude Code or Codex. They're shipping code with AI-generated dependencies right now. The question isn't whether AI belongs in your stack. It's already there. The question is whether your team gets to use AI on defense too, or whether you hand that advantage to the other side.

Set it up once. Every edit your agent makes, Root is there.
