Your earliest warning for supply chain threats
Aikido Intel is the real-time supply chain intelligence feed. We detect malware and vulnerabilities in open-source ecosystems within minutes.
Most Recent
Featured Research
Google API keys keep working after you delete them
Protect Developer Devices
from Supply Chain Attacks.
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Latest Publications
Subscribe to hear about
critical security incidents
We'll send you updates on incidents as and when they happen
Google API keys keep working after you delete them
Deleting a Google API key doesn't revoke it immediately. Our testing found successful authentications up to 23 minutes after deletion, and Google has declined to fix it.
.png)
The Wild West of VS Code extensions and how a poisoned extension breached GitHub
A poisoned VS Code extension breached GitHub yesterday, one day after Nx Console (2.2M installs) was compromised for 18 minutes on the Visual Studio Marketplace and reached every user with auto-update on.
GitHub breached via a malicious VS Code extension: why developer devices are the real target
GitHub confirmed a poisoned VS Code extension compromised an employee device, exposing 3,800 internal repos. Why developer workstations are now the top supply chain target.
Our Intel, your security
Our engine automates security analysis using the same methodologies trusted by professional pentesters.
License the Intel Database
Use our threat intelligence to strengthen your internal security operations. Get access through our commercial API.
Protect Developer Devices
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Secure Your Supply Chain
Secure third-party dependencies, identify real threats, remediate automatically with Aikido.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant