GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before they're ever installed.
The launch follows the worst stretch of supply chain compromises in open source history. In March 2026, a single threat group called TeamPCP chained stolen credentials across four major projects - Trivy, Checkmarx KICS, LiteLLM, and Telnyx - in under ten days. Days later, Axios, the most widely used HTTP client in JavaScript with over 100 million weekly downloads, was compromised separately through a hijacked maintainer account.
Every one of these attacks targeted the same thing: developer devices. These machines hold cloud credentials, npm publish tokens, SSH keys, Kubernetes configs, and direct access to source code. In multiple attacks over the past year, a single compromised developer credential has been used to publish malicious versions of legitimate packages, triggering cascading compromises across thousands of downstream organizations. Yet most enterprises still secure these machines the same way they secure a sales team's laptop.
The problem is compounding on two fronts. On offense, the barrier to writing supply chain malware has collapsed. On the endpoint itself, AI coding agents are now pulling packages, utilizing tools, and adding dependencies autonomously, multiplying the attack surface on developer machines. Aikido Intel, the company's threat intelligence engine, now identifies over 100,000 malicious packages per day across open source registries, up from roughly 20,000 a day a year ago.
What Aikido Endpoint Does
Existing supply chain security tools focus on code repositories, CI/CD pipelines, or individual package managers. Endpoint works differently: it sits on the device itself and monitors every install across the machine, blocking threats before they ever reach the device. Endpoint also enforces protective defaults like minimum install age. It blocks any package published less than 48 hours ago, thereby closing the window when new threats are most likely to go undetected.
Coverage spans npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, AI agent skills marketplaces, and more.
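The minimum-install-age rule described above is the one concrete mechanism the announcement spells out, so here is a worked illustration of how such a gate can be evaluated against registry publish metadata. This is an added example, not Aikido's or Safe Chain's code; it assumes the npm-style registry document shape (a `time` map of version to ISO 8601 publish timestamp plus `dist-tags`), and the package name, versions, dates and the fixed "now" are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of an npm registry package document.
# Name, versions and timestamps are made up for this example.
SAMPLE_PACKAGE = {
    "name": "example-http-client",
    "dist-tags": {"latest": "1.4.0"},
    "time": {
        "created": "2025-01-10T08:00:00.000Z",
        "modified": "2026-04-19T11:30:00.000Z",
        "1.2.0": "2025-11-02T09:15:00.000Z",
        "1.3.0": "2026-03-01T14:20:00.000Z",
        "1.3.1": "2026-03-05T10:00:00.000Z",
        "1.4.0": "2026-04-19T11:30:00.000Z",  # roughly a day before NOW below
    },
}

# Fixed evaluation time so the example is deterministic (constructed).
NOW = datetime(2026, 4, 20, 12, 0, tzinfo=timezone.utc)

# The 48-hour default the announcement describes.
MIN_AGE = timedelta(hours=48)

NON_VERSION_KEYS = {"created", "modified"}


def parse_ts(ts: str) -> datetime:
    """Parse an ISO 8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def publish_time(meta: dict, version: str) -> datetime:
    """Publish time of one version; raise if the registry has no record of it."""
    ts = meta["time"].get(version)
    if ts is None:
        raise KeyError(f"{meta['name']}@{version} has no publish timestamp")
    return parse_ts(ts)


def is_too_new(meta: dict, version: str, now: datetime,
               min_age: timedelta = MIN_AGE) -> bool:
    """True if the version was published less than min_age before now."""
    return now - publish_time(meta, version) < min_age


def version_key(v: str):
    """Sort key for plain MAJOR.MINOR.PATCH versions (no pre-release tags)."""
    return tuple(int(p) for p in v.split("."))


def newest_aged_version(meta: dict, now: datetime,
                        min_age: timedelta = MIN_AGE):
    """Newest version that already satisfies the minimum age, or None."""
    aged = [v for v in meta["time"]
            if v not in NON_VERSION_KEYS and not is_too_new(meta, v, now, min_age)]
    return max(aged, key=version_key) if aged else None


def gate_install(meta: dict, requested: str, now: datetime,
                 min_age: timedelta = MIN_AGE) -> dict:
    """Decide whether an install request passes the minimum-age policy.

    `requested` may be a dist-tag such as 'latest' or an explicit version.
    On a block, the result also names the newest version old enough to install,
    which is what a defender would offer the developer instead.
    """
    version = meta["dist-tags"].get(requested, requested)
    age_hours = (now - publish_time(meta, version)).total_seconds() / 3600
    decision = {"package": meta["name"], "version": version,
                "age_hours": round(age_hours, 1)}
    if is_too_new(meta, version, now, min_age):
        decision["allowed"] = False
        decision["reason"] = f"published {decision['age_hours']}h ago, policy requires {min_age.total_seconds() / 3600:.0f}h"
        decision["fallback"] = newest_aged_version(meta, now, min_age)
    else:
        decision["allowed"] = True
    return decision


if __name__ == "__main__":
    for spec in ("latest", "1.3.0"):
        print(gate_install(SAMPLE_PACKAGE, spec, NOW))
```

The fallback lookup is the part worth copying: a pure block on `latest` tends to be worked around, whereas pointing at the newest version that has already aged past the window keeps the developer moving while the fresh release sits in the quarantine period.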
Endpoint builds on Safe Chain, Aikido’s popular open-source CLI firewall with over 200,000 weekly downloads. Safe Chain's install-blocking protection already defends against the attack patterns behind Shai-Hulud, TeamPCP, and the Axios compromise. Endpoint is the enterprise-grade step: deployed through existing MDM controls, providing governance controls, request-and-approval workflows, and covering every package manager and marketplace on the machine.
“Writing a supply chain attack used to require real skill. Now you need an $8 ChatGPT subscription. In twelve months, we went from single-package compromises to self-replicating worms to full CI/CD pipeline hijacks chaining across registries. Aikido Endpoint is built for this new reality,” said Charlie Eriksen, Lead Security Researcher at Aikido.
“The developer device is the Achilles’ heel of the software supply chain. These machines hold the credentials, the publish tokens, and the keys to production. Most organizations have zero visibility into what's being installed on them – by human or agent. Endpoint puts a security layer between the open internet and every developer machine in the company,” said Willem Delbare, co-founder and CEO of Aikido.
About Aikido Security
Founded in Ghent, Belgium, Aikido Security builds security tooling for modern development teams. The company's unified platform secures code, cloud, and runtime. Aikido is the fastest European cybersecurity company to reach unicorn status and is trusted by over 100,000 teams, with customers including the Premier League, Revolut, SoundCloud, and Niantic.
For more information, visit https://www.aikido.dev/.