Welcome to our blog.

Introducing Upgrade Impact Analysis: When breaking changes actually matter to your code

Upgrade Impact Analysis: When Breaking Changes Actually Matter | Aikido

Aikido automatically detects breaking changes in dependency upgrades and analyzes your codebase to show real impact, so teams can merge security fixes safely.

Claude Opus 4.6 Found 500 Vulnerabilities. What Does This Change for Software Security?

Claude Opus 4.6 Found 500 Vulnerabilities: What It Means for Software Security

Anthropic claims Claude Opus 4.6 uncovered 500+ high-severity vulnerabilities in open source. Here’s what that means for vulnerability discovery, exploitability validation, and production security workflows.

Introducing Aikido Expansion Packs: Safer defaults inside the IDE

Aikido Expansion Packs: Safer Defaults Inside the IDE

Aikido Expansion Packs add focused security controls directly inside your IDE. Enable secrets protection, supply chain malware checks, and AI-assisted code security without changing developer workflows.

International AI Safety Report 2026: What It Means for Autonomous AI Systems

International AI Safety Report 2026: Aikido Security Analysis

Aikido Security's analysis of the International AI Safety Report 2026. We examine deployment-time controls, validation requirements, and practical safety baselines for autonomous AI systems.

Over 100 experts contributed to the International AI Safety Report 2026, documenting risks from autonomous AI systems and proposing defense-in-depth frameworks. As a team operating AI pentesting systems in production, we break down where the report gets it right and where it needs more technical specificity.

Self-Securing Software: What It Is, Why It Matters, and How It Works

What Is Self-Securing Software? A New Security Model for Modern Software

Self-securing software is a security model where systems continuously validate and remediate real risk as they change. Learn why periodic testing no longer scales.

Self-securing software treats security as a built-in system capability, not a periodic process. This article explains why modern software demands a new security model and what makes it possible today.

Secure SDLC for Engineering Teams (+ Checklist)

Secure SDLC Explained: The 5 Pillars of a Secure Software Development Lifecycle

Learn what a Secure SDLC is, why it matters, and the five pillars every team needs. Includes a practical Secure SDLC checklist for CTOs and engineering leaders.

Top 10 AI Security Tools For 2026

Top 10 AI Security Tools for 2026: Features, Pros, and Comparisons

Explore the top AI security tools for 2026. Compare platforms for AI code review, vulnerability detection, pentesting, and risk management to secure modern applications.

Building Continuous Compliance with Aikido and Comp AI

Continuous Compliance With Aikido and Comp AI

Learn how Aikido and Comp AI enable continuous compliance by turning real-time security data into always-up-to-date audit evidence for SOC 2, ISO 27001, HIPAA, and GDPR.

Top 10 Cyber Security Tools For 2026

Top 10 Cybersecurity Tools for 2026: Detection, Cloud, XDR & AppSec

A practical breakdown of the top 10 cybersecurity tools for 2026, covering endpoint, cloud, identity, vulnerability management, and XDR. Learn how to choose the right tool for your stack and risk profile.

What Is Continuous Pentesting?

What Is Continuous Pentesting? How Modern Teams Reduce Exploitable Risk

Continuous pentesting automatically tests real attack paths every time software changes, validating and fixing issues as part of the development lifecycle. Learn how it compares to AI and manual pentesting.

Continuous pentesting treats security as a living system, not a one-off test. Learn how modern teams use it to reduce exploitable risk as software changes.

npx Confusion: Packages That Forgot to Claim Their Own Name

We claimed 128 unclaimed npm package names that official docs told developers to npx. Seven months later: 121,000 downloads. All would have run arbitrary code.

Introducing Aikido Package Health: a Better Way to Trust Your Dependencies

Aikido Package Health: Health Score for Open Source Packages

See how stable and well-maintained an open source package really is. Aikido Package Health helps devs choose safer dependencies with confidence.

AI Pentesting: Minimum Safety Requirements for Security Testing

When Is AI Pentesting Safe? Minimum Safety Requirements for Security Testing

AI pentesting systems act autonomously against live environments. Learn when AI pentesting is safe to use, the minimum technical safeguards required, and how to evaluate AI security testing tools responsibly.

AI pentesting is already here, but clear safety expectations are not. This article defines a minimum safety standard for AI pentesting, giving teams a concrete baseline to evaluate emerging tools.

Fake Clawdbot VS Code Extension Installs ScreenConnect RAT

A malicious VS Code extension impersonating Clawdbot is installing ScreenConnect RAT on developer machines.

The Top 7 Threat Intelligence Tools in 2026

Top 7 Threat Intelligence Tools in 2026: Cut Noise and Focus on Real Risk

A deep dive into the top threat intelligence tools of 2026, comparing how they reduce alert fatigue, add context, and help teams prioritize real-world security risks.

Top 14 VS Code Extensions for 2026

Top 14 VS Code Extensions for 2026: Productivity, Testing, Security, and Collaboration

A practical guide to the best VS Code extensions for 2026, covering productivity, testing, collaboration, and security tools that improve real-world developer workflows.

G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets

npm package ansi-universal-ui delivers GWagon infostealer targeting 100+ crypto wallets, browser credentials, and cloud keys. We analyzed all 10 versions as the attacker iterated in real-time.

Pentest GPT: How LLMs Are Reshaping Penetration Testing

Pentest GPT: How AI Is Changing Penetration Testing

Explore how Pentest GPT uses LLMs to automate attack reasoning, simulate real exploits, and scale testing. See how Aikido validates every finding.

Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages

A targeted spear-phishing campaign used npm packages and jsDelivr as free phishing infrastructure, serving custom credential harvesters per victim

Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT

Attackers published fake spellchecker packages to PyPI with malware hidden in plain sight. We break down the attack and what developers need to watch for.

Agent Skills Are Spreading Hallucinated npx Commands

AI agent skills are propagating hallucinated npx commands, creating real security and reliability risks for developers and supply chains.

Understanding Open-Source License Risk in Modern Software

Open-source license risk hides in dependencies and container images. Learn what it is, why it matters, and how to catch issues early.

Open source moves fast, but its licenses still have rules. This piece breaks down what open-source license risk is, why teams keep missing it in modern dependency trees, and how to stay compliant without turning it into a legal fire drill.

The CISO Vibe Coding Checklist for Security

CISO Vibe Coding Checklist: Securing AI-Built Apps

A practical security checklist for CISOs managing AI and vibe-coded applications. Covers technical guardrails, AI controls, and organizational policies.

AI-powered vibe coding lets anyone ship software. This post outlines the security risks CISOs are facing and introduces a practical checklist, informed by CISOs at Lovable and Supabase.

From “No Bullsh*t Security” to $1B: We Just Raised Our $60m Series B

Aikido Security Raises $60M at a $1B valuation

Aikido announces $60M Series B funding at a $1B valuation, accelerating its vision for self-securing software and continuous penetration testing.

Aikido becomes one of the fastest cybersecurity companies to reach unicorn status globally, and the fastest ever in Europe.

Critical n8n Vulnerability Allows Unauthenticated Remote Code Execution (CVE-2026-21858)

n8n Critical Vulnerability (CVE-2026-21858) | Unauthenticated RCE Explained

A critical vulnerability in n8n (CVE-2026-21858) allows unauthenticated remote code execution on self-hosted instances. Learn who is affected and how to remediate.

AI-Driven Pentesting of Coolify: Seven CVEs Identified

Seven CVEs in Coolify Identified Through AI Pentesting | Aikido

AI-driven pentesting of Coolify identified seven CVEs, including privilege escalation and remote code execution vulnerabilities. Findings were responsibly disclosed and fixed.

Aikido

JavaScript, MSBuild, and the Blockchain: Anatomy of the NeoShadow npm Supply-Chain Attack

NeoShadow npm Supply-Chain Attack: JavaScript, MSBuild & Blockchain

A deep technical analysis of the NeoShadow npm supply-chain attack, detailing how JavaScript, MSBuild, and blockchain techniques were combined to compromise developers.

SAST vs SCA: Securing the Code You Write and the Code You Depend On

SAST vs SCA Explained: Securing Your Code and Dependencies

earn how SAST and SCA differ, what risks each addresses, and why modern AppSec teams need both to secure code and dependencies.

Technical

Top 6 Continuous Pentesting Tools in 2026

Discover the leading continuous pentesting tools that provide real-time, AI-powered security testing for modern applications.

How Engineering and Security Teams Can Meet DORA’s Technical Requirements

DORA Technical Requirements for Engineering & Security Teams

Understand DORA’s technical requirements for engineering and security teams, including resilience testing, risk management, and audit-ready evidence.

Compliance

IDOR Vulnerabilities Explained: Why They Persist in Modern Applications

IDOR Vulnerability Explained: Why Insecure Direct Object References Persist

Learn what an IDOR vulnerability is, why insecure direct object references persist in modern APIs, and why traditional testing tools struggle to detect real authorization failures.

Shai Hulud strikes again - The golden path

A new strain of Shai Hulud has been observed in the wild.

MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847) and How to Fix It

MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847)

MongoBleed, tracked as CVE-2025-14847, allows unauthenticated memory disclosure in MongoDB via zlib compression. See impact and remediation.

First Sophisticated Malware Discovered on Maven Central via Typosquatting Attack on Jackson

Maven Central Malware: Jackson Typosquatting Delivers Cobalt Strike Payload

We uncovered the first sophisticated malware campaign on Maven Central: a typosquatted Jackson package delivering multi-stage payloads and Cobalt Strike beacons via Spring Boot auto-execution.

The Fork Awakens: Why GitHub’s Invisible Networks Break Package Security

A deep dive into a GitHub security flaw where forked commits let attackers spoof dependencies. Understand the commit SHA issue and why package managers need API-level protection.

SAST in the IDE is now free: Moving SAST to where development actually happens

Free SAST Scanning in Your IDE

Run free SAST scans directly in your IDE with real-time feedback and project-wide visibility. Use the same SAST rules and engine as Aikido, with optional AutoFix for supported findings.

AI Pentesting in Action: A TL;DV Recap of Our Live Demo

Aikido AI Pentesting: Live Demo Recap & FAQ

A recap of Aikido’s AI pentesting live demo. See how autonomous agents test real apps, validate findings, generate reports, and enable retesting.

Guides

Top 7 Cloud Security Vulnerabilities

Top 7 Cloud Security Vulnerabilities and How to Prevent Them

Discover the top seven cloud security vulnerabilities affecting modern environments. Learn how attackers exploit IMDS, Kubernetes, misconfigurations, and more, and explore strategies to protect your cloud infrastructure effectively.

How to Comply With the UK Cybersecurity & Resilience Bill: A Practical Guide for Modern Engineering Teams

Complying With the UK Cybersecurity & Resilience Bill | Security Guide

Learn how to meet the UK Cybersecurity & Resilience Bill requirements, from secure-by-design practices to SBOM transparency, supply chain security, and continuous compliance.

Compliance

React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell

React & Next.js DoS Vulnerability (CVE-2025-55184) Explained

CVE-2025-55184 is a React Server Components DoS flaw related to React2Shell. Learn who’s affected, how it works, and how to fully patch it.

Top Software Supply Chain Security Vulnerabilities Explained

Software Supply Chain Security Vulnerabilities

Understand the biggest software supply chain security vulnerabilities, from malicious packages to dependency confusion attacks.

Top 10 JavaScript Security Vulnerabilities in Modern Web Apps

JavaScript Security Vulnerabilities | Top Risks

Learn the most frequent JavaScript security vulnerabilities affecting frontend and backend apps, including real-world attack vectors.

Top 10 Python Security Vulnerabilities Developers Should Avoid

Python Security Vulnerabilities | Top Issues

A practical overview of the most common Python security vulnerabilities, insecure patterns, and dependency-related risks.

Top 10 Code Security Vulnerabilities Found in Modern Applications

Code Security Vulnerabilities | Common Risks

Explore the most common code security vulnerabilities developers introduce, why they happen, and how teams can catch them earlier.

Top 9 Kubernetes Security Vulnerabilities and Misconfigurations

Kubernetes Security Vulnerabilities | Top Risks

Learn the most critical Kubernetes security vulnerabilities, common misconfigurations, and why clusters are often exposed by default.

Top 10 Web Application Security Vulnerabilities Every Team Should Know

Web Application Security Vulnerabilities | Top Risks

Discover the most common web application security vulnerabilities, real-world examples, and how modern teams can reduce risk early.

OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know

OWASP Top 10 for Agentic Applications (2026): Full Guide to AI Agent Security Risks

Learn the OWASP Top 10 for Agentic Applications. Understand the top AI agent security risks, real-world examples, and how to harden your environment.

DAST vs Pentesting v AI Pentesting: Why DAST Cannot Replace Modern Pentesting

DAST vs Pentesting vs AI Pentesting: Key Differences Explained

Compare DAST, manual penetration testing, and AI pentesting. Learn where each approach works, where DAST falls short, and how AI pentesting enables deeper, continuous testing of modern applications.

Secrets Detection: A Practical Guide to Finding and Preventing Leaked Credentials

Secret Detection Guide: Find & Prevent Leaks

Learn how secret detection works, what counts as a secret (API keys, tokens, creds), where teams leak them, and how to prevent exposure in git, CI, and production.

What Is CSPM (and CNAPP)? Cloud Security Posture Management Explained

CSPM vs CNAPP: Cloud Posture Explained

A clear breakdown of CSPM and CNAPP: what they cover, how they reduce cloud risk, key features to look for, and how teams actually adopt them.

Detecting and Preventing Malware in Modern Software Supply Chains

Preventing Software Supply Chain Malware (Guide)

Explore how supply chain malware lands in modern codebases (typosquatting, dependency confusion, malicious updates) and the defenses that stop it early in CI/CD.

What Is IaC Security Scanning? Terraform, Kubernetes & Cloud Misconfigurations Explained

IaC Security Scanning for Terraform & Kubernetes

Understand IaC security scanning: how it detects cloud misconfigurations in Terraform/Kubernetes, what to prioritize, and how to prevent risky changes before deploy.

The Ultimate SAST Guide: What Is Static Application Security Testing?

Ultimate SAST Guide: Static Application Security Testing

A practical SAST explainer: how static application security testing works, what issues it finds, common pitfalls, and how to roll it out without drowning devs in noise.

Supply Chain Security: The Ultimate Guide to Software Composition Analysis (SCA) Tools

Supply Chain Security Guide: Best SCA Tools

Learn what SCA tools do, what they detect (vulnerable dependencies, licenses, malware), and how to choose the right software composition analysis solution for your stack.

Critical React & Next.js RCE Vulnerability (CVE-2025-55182): What You Need to Fix Now

Critical React & Next.js RCE Vulnerability CVE-2025-55182 Fix Guide

Learn how CVE-2025-55182 and the related Next.js RCE affect React Server Components. See impact, affected versions, and how to fix. Aikido now detects both issues.

PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents

Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks

AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.

Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame

Shai Hulud 2.0: What the Unknown Wonderer Reveals About the Attackers’ Endgame

New research into the Shai Hulud 2.0 malware suggests the username UnknownWonderer1 tells us more about the attackers’ endgame.

SCA Everywhere: Scan and Fix Open-Source Dependencies in Your IDE

SCA in IDE: Scan and Fix Vulnerable Dependencies with AutoFix

Bring the full SCA workflow into your IDE with in-editor scanning and AutoFix. Detect vulnerable packages, review CVEs, and apply safe upgrades without leaving your development workflow.

Safe Chain now enforces a minimum package age before install

SafeChain Now Enforces a Minimum 24-Hour Package Age for Safer Installs

Safe Chain now enforces a minimum 24-hour package age to stop attackers using fresh releases as an entry point. Blocks malware early and falls back to safe versions.

Cloud Security Tools Explained: Key Capabilities & Evaluation Tips

Cloud Security Tools: Features & How to Choose

Discover the essential capabilities of Cloud Security tools and learn how to compare providers to protect your cloud environments.

ASPM Tools: Essential Features & How to Evaluate Vendors

ASPM Tools: Features & Evaluation Guide

Get an overview of Application Security Posture Management tools, their key capabilities, and the criteria for selecting the right ASPM platform.

DAST Tools: Features, Capabilities & How to Evaluate Them

DAST Tools: Key Features & Buyer’s Guide

Explore how DAST tools work, their most important features, and the evaluation criteria to consider when choosing a dynamic testing solution.

SAST Tools: Core Features & How to Choose the Best SAST Solution

SAST Tools: Features & Evaluation Guide

Learn the key capabilities of Static Application Security Testing tools and what to look for when selecting the ideal SAST solution for your workflow.

Top Javascript Security Tools

Best JavaScript Security Tools for Web & Node.js Apps

Compare top JavaScript security tools to scan npm packages, detect vulnerabilities and secure front-end and Node.js applications.

Top Python Security Tools

Top Python Security Tools for Safe Python Development

See the best Python security tools to scan packages, lint code, find vulnerabilities and protect your Python applications from common attacks.

Top Github Security Tools For Repository & Code Protection

Best GitHub Security Tools for Secure Repositories

Discover top GitHub security tools for scanning code, secrets and dependencies, protecting repos and enforcing secure development practices.

Top SOC 2 Compliance Tools For Automated Audit Readiness

Top SOC 2 Compliance Tools to Simplify Audits

Explore leading SOC 2 compliance tools that streamline evidence collection, map controls and simplify audits for fast-growing teams.

Top GCP Security Tools For Safeguarding Google Cloud

Best GCP Security Tools for Google Cloud Protection

Find the best GCP security tools to secure Google Cloud identities, networks, workloads and data with continuous monitoring and alerts.

Top 6 Multi-Cloud Security Tools in 2026

Top Multi-Cloud Security Tools for AWS, Azure & GCP

Discover top multi-cloud security tools that give unified visibility, policy enforcement and threat detection across AWS, Azure and GCP.

Top Runtime Security Tools

Best Runtime Security Tools for Cloud-Native Workloads

Learn about the best runtime security tools to detect threats in live containers, Kubernetes clusters and cloud workloads in real time.

Top CI/CD Security Tools For Pipeline Integrity

Top CI/CD Security Tools for Secure Software Delivery

Explore top CI/CD security tools that protect build pipelines, sign artifacts and enforce policies across your software delivery process.

Top Docker Security Tools

Best Docker Security Tools for Containers & Images

See the leading Docker security tools for scanning images, monitoring containers and enforcing policies in containerized environments.

Top Security Monitoring Tools

Top Security Monitoring Tools for Real-Time Threat Detection

Explore top security monitoring tools, including SIEM, log analytics and observability platforms, to detect threats in real time.

Top Code Security Tools For Secure Software Development

Top Code Security Tools for Developers in 2025

Discover top code security tools, including SAST, SCA and secret scanning, to secure your repositories and prevent supply chain attacks.

Top Software Security Testing Tools

Best Software Security Testing Tools Across the SDLC

Compare the best software security testing tools to scan source code, APIs and applications throughout the SDLC and reduce risk.

Top 23 Enterprise Security Tools For Scaling Security Operations

Explore top enterprise security tools built for large organizations, covering endpoints, cloud, identities, data and compliance requirements.

Top Security Automation Tools

Best Security Automation Tools & SOAR Platforms in 2025

Learn about the top security automation tools and SOAR platforms that orchestrate playbooks, reduce alert fatigue and speed up response.

Top IAST Tools For Interactive Application Security Testing

Best IAST Tools for Interactive Application Security Testing

Discover leading IAST tools that analyze running applications, uncover vulnerabilities and improve code security during testing.

Top Azure Security Tools for Protecting Your Microsoft Cloud

Top Azure Security Tools

Find the best Azure security tools to secure identities, networks and workloads across Microsoft Azure and hybrid cloud environments.

Top 8 AWS Security Tools in 2026

Best AWS Security Tools for Securing Your Cloud Environment

See the best AWS security tools to harden your cloud accounts, detect misconfigurations and monitor workloads across AWS services.

NPM Security Audit: The Missing Layer Your Team Still Need

Learn why npm audit isn’t enough to secure your Node.js dependencies and how Aikido Security provides the deeper, continuous protection your team needs against hidden supply-chain risks.

Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities

Shai Hulud Attacks Continue Through GitHub Actions Security Gaps

Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.

Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised

Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS Domains

The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.

Revolut Selects Aikido Security to Power Developer-First Software Security

Revolut Chooses Aikido Security to Power Developer-First Software Security

Aikido Security delivers fast, accurate SCA, low-noise vulnerability alerts, and automated dependency upgrades to help Revolut’s global engineering teams maintain strong supply-chain security without slowing development.

Customer Stories

The Future of Pentesting Is Autonomous

The Future of Pentesting Is Autonomous: Announcing Aikido Attack

Meet Aikido Attack: autonomous AI pentesting that detects, exploits, and validates real vulnerabilities across your stack. Fast results, full context, zero noise.

How Aikido and Deloitte are bringing developer-first security to enterprise

Discover how Aikido Security and Deloitte Belgium are bringing developer-first, continuous security to the enterprise. Learn how unified tooling, AI-powered testing, and seamless integration deliver real protection at development speed.

Top XBOW Alternatives In 2026

Discover the top XBOW alternatives in 2026. Compare AI pentesting tools like Aikido Security for better coverage, lower false positives, and predictable pricing.

Top 7 Black Duck Alternatives in 2026

Discover the top 7 Black Duck alternatives for 2026, including Aikido Security, Snyk, Veracode, and more. Compare features, pricing, and why modern DevSecOps teams are leaving Black Duck for faster, developer-first security tools.

CORS Security: Beyond Basic Configuration

Learn what CORS really is, how browsers enforce it, and how to configure cross-origin requests securely. A practical guide to avoiding common CORS issues.

A practical guide to avoiding common CORS issues.

OWASP Top 10 2025: Official List, Changes, and What Developers Need to Know

OWASP Top 10 2025: Key Changes and What Developers Should Know

Discover what’s new in the OWASP Top 10 2025, including software supply chain failures and error handling risks, and how to strengthen your AppSec program.

Invisible Unicode Malware Strikes OpenVSX, Again

Another wave of Open VSX extensions were compromised today.

AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding

AI as a Power Tool: Secure Coding with Windsurf and Devin

Learn how Windsurf and Devin help developers code faster and stay secure. Real takeaways from Aikido’s Security Masterclass for AI-assisted coding.

Building Fast, Staying Secure: Supabase’s Approach to Secure-by-Default Development

Security by Design: How Supabase Builds Fast and Stays Secure

Supabase CISO Bill Harmer and Security Engineer Etienne Stalmans share how security is built into every layer of Supabase. From Row Level Security to pgTAP testing, learn how they design systems that move fast and stay secure by default.

The Top 7 Kubernetes Security Tools

Top 7 Kubernetes Security Tools for 2026

Explore 7 top Kubernetes security tools, open source to AI-powered. Learn how Aikido helps teams secure clusters from code to runtime

The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties

GitHub User Compromised with Invisible Malware

Threat actors are using Unprintable Unicode Characters to

AutoTriage and the Swiss Cheese Model of Security Noise Reduction

AutoTriage and the Swiss Cheese Model of Security Noise Reduction | Aikido Security

Traditional scanners overwhelm teams with false positives. Learn how Aikido’s layered Swiss-cheese approach- combining reachability analysis, reasoning-based AutoTriage, contextual prioritization, and AI-powered AutoFix- reduces security noise, prevents alert fatigue, and accelerates real vulnerability remediation.

Engineering

Security Masterclass: Supabase and Lovable CISOs on Building Fast and Staying Secure

Security Masterclass: Supabase & Lovable CISOs on Building Fast and Staying Secure

Supabase and Lovable CISOs share what every builder needs to keep speed without losing control. Real lessons from the Aikido Security Masterclass.

Aikido + Secureframe: Keeping compliance data fresh

Aikido + Secureframe Integration: Keep Compliance Fresh

Keep SOC 2 and ISO 27001 compliance accurate with live vulnerability data. Aikido syncs with Secureframe so audits stay fresh and devs keep building.

Compliance

A Guide to Container Privilege Escalation Vulnerabilities

Container Privilege Escalation Vulnerabilities Explained

Learn how container privilege escalation vulnerabilities work, the risks they pose, and steps to prevent attackers from gaining unauthorized access.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

September 15, 2025

•

Compliance

Complying with the Cyber Resilience Act (CRA) using Aikido Security

Learn how the CRA applies to your company and how Aikido can help you to comply

Tags/

#NIS2

#Compliance

#SOC 2

#Cyber Resilience Act

September 9, 2025

•

Guides & Best Practices

Top 10 Code Security Vulnerabilities Found in Modern Applications

Tags/

#Vulnerabilities

#Code Quality

#AppSec

September 9, 2025

•

Vulnerabilities & Threats

duckdb npm packages compromised

Tags/

#Malware

September 8, 2025

•

Product & Company Updates

AutoTriage Integration in IDE

Tags/

#SAST

#AI

#AutoTriage

#Triaging

September 5, 2025

•

Guides & Best Practices

Quantum Incident Response

Tags/

#AppSec

#Vulnerabilities

September 2, 2025

•

Product & Company Updates

Aikido for Students and Educators

Tags/

#Article

September 2, 2025

•

Product & Company Updates

Free hands-on security labs for your students

Tags/

#Article

August 27, 2025

•

Vulnerabilities & Threats

Popular nx packages compromised on npm

Tags/

#Malware

#Software Supply Chain Security

#intel

August 26, 2025

•

Vulnerabilities & Threats

WTF is Vibe Coding Security? Risks, Examples, and How to Stay Safe

Learn what vibe coding security is and how to keep the vibes without the vulnerabilities.

Tags/

#Vibe Coding

August 20, 2025

•

Guides & Best Practices

Detecting and Preventing Malware in Modern Software Supply Chains

Tags/

#Malware

#Software Supply Chain Security

August 13, 2025

•

Guides & Best Practices

NPM Security Audit: The Missing Layer Your Team Still Need

Tags/

#NPM

August 11, 2025

•

Product & Company Updates

Why Securing Bazel Builds is So Hard (And How to Make It Easier)

Tags/

#AppSec

#Dependencies

#Tools

#SCA

#open-source

February 13, 2026

•

Product & Company Updates

Introducing Upgrade Impact Analysis: When breaking changes actually matter to your code

Aikido automatically detects breaking changes in dependency upgrades and analyzes your codebase to show real impact, so teams can merge security fixes safely.

No items found.

January 14, 2026

•

Product & Company Updates

From “No Bullsh*t Security” to $1B: We Just Raised Our $60m Series B

Aikido announces $60M Series B funding at a $1B valuation, accelerating its vision for self-securing software and continuous penetration testing.

Announcements

May 21, 2025

•

Product & Company Updates

Reducing Cybersecurity Debt with AI Autotriage

We dive into how AI can assist us in a meaningful way to triage vulnerabilities and get rid of our security debt.

DevSecOps

AutoTriage

Triaging

February 4, 2026

•

Vulnerabilities & Threats

npx Confusion: Packages That Forgot to Claim Their Own Name

We claimed 128 unclaimed npm package names that official docs told developers to npx. Seven months later: 121,000 downloads. All would have run arbitrary code.

Malware

open-source

NPM

January 27, 2026

•

Vulnerabilities & Threats

Fake Clawdbot VS Code Extension Installs ScreenConnect RAT

A malicious VS Code extension impersonating Clawdbot is installing ScreenConnect RAT on developer machines.

Malware

VS Code

January 23, 2026

•

Vulnerabilities & Threats

G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets

npm package ansi-universal-ui delivers GWagon infostealer targeting 100+ crypto wallets, browser credentials, and cloud keys. We analyzed all 10 versions as the attacker iterated in real-time.

Malware

NPM

Software Supply Chain Security

August 19, 2025

•

DevSec Tools & Comparisons

Top 12 Dynamic Application Security Testing (DAST) Tools in 2026

Discover the 12 top best Dynamic Application Security Testing (DAST) tools in 2026. Compare features, pros, cons, and integrations to choose the right DAST solution for your DevSecOps pipeline.

Tools

DAST

July 18, 2025

•

DevSec Tools & Comparisons

Top 13 Container Scanning Tools in 2026

Discover the best 13 Container Scanning tools in 2026. Compare features, pros, cons, and integrations to choose the right solution for your DevSecOps pipeline.

Tools

Container Scanning

July 17, 2025

•

DevSec Tools & Comparisons

Top 10 Software Composition Analysis (SCA) tools in 2026

SCA tools are our best line of defense for open-source security, this article explores the top 10 open-source dependency scanners for 2026

Tools

SCA