
Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before they're ever installed.

The launch follows the worst stretch of supply chain compromises in open source history. In March 2026, a single threat group called TeamPCP chained stolen credentials across four major projects - Trivy, Checkmarx KICS, LiteLLM, and Telnyx - in under ten days. Days later, Axios, the most widely used HTTP client in JavaScript with over 100 million weekly downloads, was compromised separately through a hijacked maintainer account.

Every one of these attacks targeted the same thing: developer devices. These machines hold cloud credentials, npm publish tokens, SSH keys, Kubernetes configs, and direct access to source code. In multiple attacks over the past year, a single compromised developer credential has been used to publish malicious versions of legitimate packages, triggering cascading compromises across thousands of downstream organizations. Yet most enterprises still secure these machines the same way they secure a sales team's laptop.

The problem is compounding on two fronts. On offense, the barrier to writing supply chain malware has collapsed. On the endpoint itself, AI coding agents are now pulling packages, utilizing tools, and adding dependencies autonomously, multiplying the attack surface on developer machines. Aikido Intel, the company's threat intelligence engine, now identifies over 100,000 malicious packages per day across open source registries, up from roughly 20,000 a day a year ago.

What Aikido Endpoint Does

Existing supply chain security tools focus on code repositories, CI/CD pipelines, or individual package managers. Endpoint works differently: it sits on the device itself and monitors every install across the machine, blocking threats before they ever reach the device. Endpoint also enforces protective defaults like minimum install age. It blocks any package published less than 48 hours ago, thereby closing the window when new threats are most likely to go undetected.

Coverage spans npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, AI agent skills marketplaces, and more.

Endpoint builds on Safe Chain, Aikido’s popular open-source CLI firewall with over 200,000 weekly downloads. Safe Chain's install-blocking protection already defends against the attack patterns behind Shai-Hulud, TeamPCP, and the Axios compromise. Endpoint is the enterprise-grade step: deployed through existing MDM controls, providing governance controls, request-and-approval workflows, and covering every package manager and marketplace on the machine.

“Writing a supply chain attack used to require real skill. Now you need an $8 ChatGPT subscription. In twelve months, we went from single-package compromises to self-replicating worms to full CI/CD pipeline hijacks chaining across registries. Aikido Endpoint is built for this new reality,” said Charlie Eriksen, Lead Security Researcher at Aikido.

“The developer device is the Achilles’ heel of the software supply chain. These machines hold the credentials, the publish tokens, and the keys to production. Most organizations have zero visibility into what's being installed on them – by human or agent. Endpoint puts a security layer between the open internet and every developer machine in the company,” said Willem Delbare, co-founder and CEO of Aikido.

About Aikido Security

Founded in Ghent, Belgium, Aikido Security builds security tooling for modern development teams. The company's unified platform secures code, cloud, and runtime. Aikido is the fastest European cybersecurity company to reach unicorn status and is trusted by over 100,000 teams, with customers including the Premier League, Revolut, SoundCloud, and Niantic.

For more information, visit https://www.aikido.dev/.

Contact Information
LaunchSquad for Aikido Security
aikido@launchsquad.com

