Aikido Security today launched Aikido Endpoint, a lightweight security agent designed to protect modern developer workstations. Endpoint directly addresses the surge in software supply chain attacks targeting open-source packages, IDE extensions, and AI development tools.
Developers have long faced security risks from installing unvetted packages, extensions, and plugins. The rapid enterprise adoption of AI coding tools such as Cursor, Windsurf, Claude Code, Codex, and Copilot has widened this gap, introducing new risks around sensitive data exposure, malicious add-ons, and ungoverned AI usage on developer machines.
Aikido Security is a developer-first cybersecurity platform that helps software teams find, prioritise, and fix security issues across their entire software stack — from code to cloud and runtime — in a unified, automated way.
I spoke to Madeline Lawrence, CGO at Aikido, to learn more.
Extending supply chain security beyond the CLI
Aikido Endpoint enables enterprises to securely and at scale fully embrace AI-native software development workflows. Before any package, IDE plugin, or browser extension is installed, Endpoint’s agent inspects it against Aikido Intel, the company's continuously updated threat intelligence feed, and blocks known malware automatically before it touches the filesystem. Any package published less than 48 hours ago is also held automatically, eliminating the highest-risk window for attacks.
Aikido Endpoint delivers three core capabilities:
- Ecosystem-wide malware protection. Real-time blocking of known malicious packages, extensions, and plugins across npm, PyPI, Maven, NuGet, VS Code, Chrome, and more.
- Granular access controls. Configures which teams can install what, with a built-in request and approval workflow for blocked packages.
- AI tool visibility and cost tracking. Full oversight of which AI models and services are running across developer workstations, with usage monitoring and cost tracking.
Endpoint builds on the foundation of Aikido Safe Chain, an open-source CLI wrapper downloaded over 200,000 times weekly to protect npm and pip installs from malicious packages. As supply chain attacks expand across more ecosystems and become harder to detect, CLI-based protection alone is not enough, particularly as it requires developers to manually install it on their machines.
Aikido Endpoint is the next step: deployed through existing MDM controls that monitor every package installed across the system, not just the ones routed through a specific CLI tool.
Endpoint is designed to disappear. A developer runs npm install, adds a browser plug-in, connects an AI tool, Aikido Endpoint checks it in the background and lets clean installs through without interruption, tickets, or delay. If something is malicious, it gets blocked before it touches the machine.
Lawrence asserts that the product succeeds when a developer forgets it's there.
“They move at full speed, install what they need, and never think about supply chain attacks, until the day Endpoint blocks something serious, and they realise how close they came.
The cliché example here is how relieved you are to be wearing a helmet if you get into an accident.
Endpoint allows devs to ship fearlessly.“
From skilled attackers to $8 malware
According to Lawrence, a year ago, writing a supply chain attack required real skill.
“You needed to understand package registries, CI/CD pipelines, obfuscation techniques, and how to write payloads that evade detection.
Now you need an $8 ChatGPT subscription. You don't even need to understand what npm is to write malware that spreads through it.
The skill barrier that once kept most people from engaging in supply chain attacks is largely gone.”
AI is also fueling much more sophisticated attacks. In the past year, we’ve gone from single-package compromises to self-replicating worms to full CI/CD pipeline hijacks chaining across registries.
A bored teenager with an LLM can now produce attacks that are functionally indistinguishable from APT-grade supply chain compromises.
The sophistication gap between nation-state actors and script kiddies has never been smaller. AI-enabled attacks surged 89 per cent year over year.
Aikido’s threat intelligence engine, Aikido Intel, now analyses nearly 100,000 malicious packages a day vs 20,000 this time last year.
And developers have struggled to keep pace.
Lawrence explained that traditional endpoint solutions were built for corporate laptops, like standard employees downloading Word docs and PDFs.
“Developer devices were simply lumped in with the same security tools, even though the threat surface is fundamentally different.”
Endpoint extends Aikido’s developer-first philosophy by placing a security layer at the point where code enters the developer machine, before it touches repos, CI systems, or infrastructure. It runs as a lightweight agent and covers the three surfaces that matter most for developers: package registries, IDE and browser extensions, and AI tools.
The developer role is shifting to orchestration
Further, the developer role is changing. It’s less about writing code and more about reviewing and orchestrating AI-generated code.
“So the challenge is: how do you give developers tools to safely review and ship that at scale?”
And explainability extends to not only humans but also systems.
“Bots need to understand your code. If your code isn’t structured, readable, and explainable, you’ll create massive technical debt. Two engineers can now generate as much technical debt as fifty did before.”
Making insights translate to action
Building endpoint security that actually works for developers requires a careful balance: protecting systems without adding friction, noise, or yet another stream of alerts that engineers will eventually ignore. In reality, most organisations haven’t solved this—they’ve simply settled into trade-offs.
Lawrence asserts that today, most companies are stuck in one of three bad positions.
At one end are organisations that lock everything down. By restricting access to external tools and dependencies—often through private registries—they create tightly controlled environments. That model can work in highly regulated sectors like banking, but for most teams, it comes at a cost: speed.
“They block everything, creating an iron wall between developers and the open internet. It works for banks—but kills speed everywhere else.”
The result is predictable. Developers route around restrictions by using second laptops, disabling VPNs, or finding other workarounds, thus introducing more risk in the process.
“When security becomes an obstacle, developers don’t stop—they work around it.”
At the other extreme are companies that accept the risk by default. Without effective tooling to govern what developers install and run, they fall back on permissiveness.
“They allow and pray. With no real governance, they just hope nothing goes wrong.”
Some attempt a middle ground, manually reviewing requests as they come in.
In theory, it offers control without blanket restrictions. In practice, it doesn’t scale.
“Manual vetting sounds sensible, until you try to do it at scale.”
All of these approaches are increasingly out of step with how software is built today. As AI accelerates development and compresses release cycles, the cost of slowing engineers down is no longer just inefficiency—it’s existential.
According to Lawrence, “None of these approaches work when AI is compressing development cycles. Move too slowly, and you fail.”
From Ghent to unicorn: how Aikido scaled in three years
Aikido was co-founded by CEO, CTO and co-founder Willem Delbare, a Serial SaaS entrepreneur with multiple successful exits (Teamleader, Officient, Valpeo, and Futureproofed).
Madeline Lawrence joined Aikido as a late co-founder and Chief Growth Officer. Previously, she was a Partner at Peak, a $150 million venture capital fund, and served on the Advisory Board of TNW.
The company raised $60 million Series B at a $1B valuation in January this year and is one of the fastest cybersecurity companies to reach unicorn status — in just three years — globally, and according to the company, the fastest ever in Europe.
Lawrence attributes its scale in part to being based in Ghent:
“There’s nothing to do. It removes distractions. We’re mostly in-office, highly focused.”
The company hires for end-to-end ownership—there are no traditional junior roles, and everyone is expected to ship a complete product. Many are former founders: high-agency operators who can work independently, which is how the team maintains its speed.
Aikido has expanded its offices to the UK and San Francisco.
Opening the black box of supply chain risk
Aikido open-sources its supply chain research, publishing every detected malware and vulnerable package in real time via its open threat intelligence feed.
In addition, it offers an open Package Health monitor, designed to help developers make more informed decisions about the dependencies they choose to build with.
The tool provides transparency into key risk signals, including maintainer stability and reputation, project maturity, dependency risk, and attestations — verifying that a package is what it claims to be, built where it claims to be built, and by whom.
As supply chain attacks become more frequent and harder to detect, Aikido is betting that visibility — not just protection — will play a critical role in securing modern software development.
Would you like to write the first comment?
Login to post comments