Your earliest warning for supply chain threats
Aikido Intel is the real-time supply chain intelligence feed. We detect malware and vulnerabilities in open-source ecosystems within minutes.
Most Recent
Protect Developer Devices
from Supply Chain Attacks.
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Latest Publications
Subscribe to hear about
critical security incidents
We'll send you updates on incidents as and when they happen
Compromised Rust crate onering performs code exfiltration
The compromised onering Rust crate v1.4.1 on crates.io shipped a malicious build.rs that exfiltrates the diff of your latest commit to a hosted Sentry endpoint every time you build.
.jpg)
10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums
Aikido Security discovered a critical unauthenticated authentication bypass in phpBB affecting tens of millions of users. A single HTTP request is all it takes to take over any account — a vulnerability that's been sitting in the codebase since 2014.
Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System
Deep dive into binding.gyp, the often overlooked npm build file that can execute malicious code at install time through shell expansions, sandbox escapes, and compiler hijacking.
Our Intel, your security
Our engine automates security analysis using the same methodologies trusted by professional pentesters.
License the Intel Database
Use our threat intelligence to strengthen your internal security operations. Get access through our commercial API.
Protect Developer Devices
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Secure Your Supply Chain
Secure third-party dependencies, identify real threats, remediate automatically with Aikido.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant