aikido | no bullsh*t security for devs
@aikidosecurity.bsky.social
No bullsh*t security for devs.
Secure code, cloud, and runtime in one central system. fix issues automatically.
Get back to building. 🔗 aikido.dev
Secure code, cloud, and runtime in one central system. fix issues automatically.
Get back to building. 🔗 aikido.dev
Honored for protecting 2 billion requests per month. Because apparently, that’s plaque-worthy.
October 30, 2025 at 12:35 PM
Honored for protecting 2 billion requests per month. Because apparently, that’s plaque-worthy.
⚡️JUST DROPPED: The State of AI in Security & Development
We asked 450 CISOs, AppSec engineers and developers across Europe and the US how AI is changing the way we build and secure software.
We asked 450 CISOs, AppSec engineers and developers across Europe and the US how AI is changing the way we build and secure software.
October 22, 2025 at 1:01 PM
⚡️JUST DROPPED: The State of AI in Security & Development
We asked 450 CISOs, AppSec engineers and developers across Europe and the US how AI is changing the way we build and secure software.
We asked 450 CISOs, AppSec engineers and developers across Europe and the US how AI is changing the way we build and secure software.
Breaking: Allseek and Haicker are joining Aikido
Together we’re launching Aikido Attack, autonomous pentests that think like hackers and run in hours, not weeks.
We’re entering a new chapter in pentesting and we’re excited to have the teams from Allseek and Haicker with us on this journey.
Together we’re launching Aikido Attack, autonomous pentests that think like hackers and run in hours, not weeks.
We’re entering a new chapter in pentesting and we’re excited to have the teams from Allseek and Haicker with us on this journey.
September 24, 2025 at 8:42 AM
Breaking: Allseek and Haicker are joining Aikido
Together we’re launching Aikido Attack, autonomous pentests that think like hackers and run in hours, not weeks.
We’re entering a new chapter in pentesting and we’re excited to have the teams from Allseek and Haicker with us on this journey.
Together we’re launching Aikido Attack, autonomous pentests that think like hackers and run in hours, not weeks.
We’re entering a new chapter in pentesting and we’re excited to have the teams from Allseek and Haicker with us on this journey.
Did you catch the premiere? → aikido.dev/meetjarno
September 22, 2025 at 2:44 PM
Did you catch the premiere? → aikido.dev/meetjarno
Here are a few places where Jarno does interviews, the rest are better left offline. But you can always meet him and ask -> aikido.dev/meetjarno
September 19, 2025 at 10:05 AM
Here are a few places where Jarno does interviews, the rest are better left offline. But you can always meet him and ask -> aikido.dev/meetjarno
How did we scale from 30 to 140 team members in a year? Simple.
Always be recruiting.
Have you met Jarno? → aikido.dev/meetjarno
Always be recruiting.
Have you met Jarno? → aikido.dev/meetjarno
September 18, 2025 at 3:50 PM
How did we scale from 30 to 140 team members in a year? Simple.
Always be recruiting.
Have you met Jarno? → aikido.dev/meetjarno
Always be recruiting.
Have you met Jarno? → aikido.dev/meetjarno
Reposted by aikido | no bullsh*t security for devs
#1 Product of the Day, #3 Developer Tool of the Week.
Crushed it.
Crushed it.
Secure everything you build, host, and run. Aikido now launching at #1 on Product Hunt 🔥
Please upvote here → www.producthunt.com/products/aik...
Please upvote here → www.producthunt.com/products/aik...
September 18, 2025 at 8:20 AM
#1 Product of the Day, #3 Developer Tool of the Week.
Crushed it.
Crushed it.
🍿
September 17, 2025 at 3:04 PM
🍿
Secure everything you build, host, and run. Aikido now launching at #1 on Product Hunt 🔥
Please upvote here → www.producthunt.com/products/aik...
Please upvote here → www.producthunt.com/products/aik...
September 11, 2025 at 1:09 PM
Secure everything you build, host, and run. Aikido now launching at #1 on Product Hunt 🔥
Please upvote here → www.producthunt.com/products/aik...
Please upvote here → www.producthunt.com/products/aik...
tHe biGGesT sUpplY cHaiN atTAck iN hISTory!!!!!11
safe chain stars went brrr
Free to use. Open source.
safe chain stars went brrr
Free to use. Open source.
September 11, 2025 at 11:40 AM
tHe biGGesT sUpplY cHaiN atTAck iN hISTory!!!!!11
safe chain stars went brrr
Free to use. Open source.
safe chain stars went brrr
Free to use. Open source.
Reposted by aikido | no bullsh*t security for devs
New, from me:
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The […]
[Original post on infosec.exchange]
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The […]
[Original post on infosec.exchange]
![a phishing message tied to the newly registered phishing domain npmjs[.]help, which is a tld away from NPM's real login page, npmjs.com.
npm <support@npmjs.help> 08:47 (55 minutes ago)
to marsup ¥ Inbox © ® O <& Reply Actionsv
Hi, marsup!
As part of our ongoing commitment to account security, we are requesting that all
users update their Two-Factor Authentication (2FA) credentials. Our records indicate
that it has been over 12 months since your last 2FA update.
To maintain the security and integrity of your account, we kindly ask that you
complete this update at your earliest convenience. Please note that accounts with
outdated 2FA credentials will be temporarily locked starting September 10, 2025, to
prevent unauthorized access.
Update 2FA Now
1f you have any questions or require assistance, our support team is available to help. You may
contact us through this link.
Preferences - Terms - Privacy - Sign in to npm](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:eyixtuogercyaq5npymdzi5l/bafkreig3rsjn6xwtpaeztf4sj6mfp5277u7o7omc7ky2gdy34gmdpcj6uu@jpeg)
September 8, 2025 at 11:01 PM
New, from me:
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The […]
[Original post on infosec.exchange]
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The […]
[Original post on infosec.exchange]
Reposted by aikido | no bullsh*t security for devs
it appears the same attackers also compromised the JavaScript package duckdb (~350k downloads a week):
https://www.aikido.dev/blog/duckdb-npm-packages-compromised
https://www.aikido.dev/blog/duckdb-npm-packages-compromised
duckdb npm packages compromised
The popular package duckdb was compromised by same attackers that hit debug and chalk
www.aikido.dev
September 9, 2025 at 4:16 PM
it appears the same attackers also compromised the JavaScript package duckdb (~350k downloads a week):
https://www.aikido.dev/blog/duckdb-npm-packages-compromised
https://www.aikido.dev/blog/duckdb-npm-packages-compromised
Le maintainer: “I’ve been pwned. Sorry everyone, very embarrassing.”
Brian Krebs covered the npm supply chain compromise, featuring insights from our own @charlieeriksen.bsky.social, who broke the news.
Full article → krebsonsecurity.com/2025/09/18-p...
Brian Krebs covered the npm supply chain compromise, featuring insights from our own @charlieeriksen.bsky.social, who broke the news.
Full article → krebsonsecurity.com/2025/09/18-p...
September 9, 2025 at 2:27 PM
Le maintainer: “I’ve been pwned. Sorry everyone, very embarrassing.”
Brian Krebs covered the npm supply chain compromise, featuring insights from our own @charlieeriksen.bsky.social, who broke the news.
Full article → krebsonsecurity.com/2025/09/18-p...
Brian Krebs covered the npm supply chain compromise, featuring insights from our own @charlieeriksen.bsky.social, who broke the news.
Full article → krebsonsecurity.com/2025/09/18-p...
MAINTAINER UPDATE: The maintainer of debug & chalk has taken down the packages and locked down his account; some packages remain affected.
The phishing email used to target debug/chalk was 'support [at] npmjs [dot] help'
The phishing email used to target debug/chalk was 'support [at] npmjs [dot] help'
September 8, 2025 at 3:56 PM
MAINTAINER UPDATE: The maintainer of debug & chalk has taken down the packages and locked down his account; some packages remain affected.
The phishing email used to target debug/chalk was 'support [at] npmjs [dot] help'
The phishing email used to target debug/chalk was 'support [at] npmjs [dot] help'
Update! The goal of the attacker is crypto.
September 8, 2025 at 3:51 PM
Update! The goal of the attacker is crypto.
🚨URGENT: A series of popular packages maintained by qix have just been compromised.
Compromised packages include:
• has-ansi - 12 million weekly downloads - V6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downlaods - V1.1.1
Compromised packages include:
• has-ansi - 12 million weekly downloads - V6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downlaods - V1.1.1
September 8, 2025 at 3:45 PM
🚨URGENT: A series of popular packages maintained by qix have just been compromised.
Compromised packages include:
• has-ansi - 12 million weekly downloads - V6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downlaods - V1.1.1
Compromised packages include:
• has-ansi - 12 million weekly downloads - V6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downlaods - V1.1.1
In Khachatur’s words: “We didn’t make cars smaller so they could squeeze between trees, we built roads so we could drive them everywhere. AI code generation is the car. Together, we’re building the road.”
September 5, 2025 at 12:05 PM
In Khachatur’s words: “We didn’t make cars smaller so they could squeeze between trees, we built roads so we could drive them everywhere. AI code generation is the car. Together, we’re building the road.”
Happening this Thursday ❤️🔥
We’re back with the next edition of ~all vibes /no vulns.
Hosted by our own Mackenzie Jackson, with special guests Igor A. (CISO @ Lovable) and Bil Harmer (CISO @ Supabase).
Together we’ll build, hack, and secure an app in real time.
Join us → luma.com/lovablexaiki...
We’re back with the next edition of ~all vibes /no vulns.
Hosted by our own Mackenzie Jackson, with special guests Igor A. (CISO @ Lovable) and Bil Harmer (CISO @ Supabase).
Together we’ll build, hack, and secure an app in real time.
Join us → luma.com/lovablexaiki...
September 2, 2025 at 7:43 AM
Happening this Thursday ❤️🔥
We’re back with the next edition of ~all vibes /no vulns.
Hosted by our own Mackenzie Jackson, with special guests Igor A. (CISO @ Lovable) and Bil Harmer (CISO @ Supabase).
Together we’ll build, hack, and secure an app in real time.
Join us → luma.com/lovablexaiki...
We’re back with the next edition of ~all vibes /no vulns.
Hosted by our own Mackenzie Jackson, with special guests Igor A. (CISO @ Lovable) and Bil Harmer (CISO @ Supabase).
Together we’ll build, hack, and secure an app in real time.
Join us → luma.com/lovablexaiki...
The wait is over. Aikido Code Quality is live.
Our favorite part? Roast mode. 🥵
Activate at your own risk → aikido.dev/quality
Our favorite part? Roast mode. 🥵
Activate at your own risk → aikido.dev/quality
August 28, 2025 at 1:25 PM
The wait is over. Aikido Code Quality is live.
Our favorite part? Roast mode. 🥵
Activate at your own risk → aikido.dev/quality
Our favorite part? Roast mode. 🥵
Activate at your own risk → aikido.dev/quality
🚨 ALERT: The NPM package NX has been compromised (4.6m weekly downloads) - malicious versions (v20.9–20.12 & 21.5–21.8) were published on Aug 26 2025.
The compromised packages have a postinstall script that scans for credentials and post them to the users GitHub account.
The compromised packages have a postinstall script that scans for credentials and post them to the users GitHub account.
August 27, 2025 at 10:07 AM
🚨 ALERT: The NPM package NX has been compromised (4.6m weekly downloads) - malicious versions (v20.9–20.12 & 21.5–21.8) were published on Aug 26 2025.
The compromised packages have a postinstall script that scans for credentials and post them to the users GitHub account.
The compromised packages have a postinstall script that scans for credentials and post them to the users GitHub account.
Happening TOMORROW.
Willem Delbare (CEO & Co-founder, Aikido) and Khachatur V. (CEO & Co-founder, Trag) go live to talk about the future of code review.
Quality code is secure code. Let’s talk about it → lu.ma/aikidoxtrag
Willem Delbare (CEO & Co-founder, Aikido) and Khachatur V. (CEO & Co-founder, Trag) go live to talk about the future of code review.
Quality code is secure code. Let’s talk about it → lu.ma/aikidoxtrag
August 27, 2025 at 8:57 AM
Happening TOMORROW.
Willem Delbare (CEO & Co-founder, Aikido) and Khachatur V. (CEO & Co-founder, Trag) go live to talk about the future of code review.
Quality code is secure code. Let’s talk about it → lu.ma/aikidoxtrag
Willem Delbare (CEO & Co-founder, Aikido) and Khachatur V. (CEO & Co-founder, Trag) go live to talk about the future of code review.
Quality code is secure code. Let’s talk about it → lu.ma/aikidoxtrag
We merged Trag into Aikido, to build the future of LLM-native code review together.
Join Willem Delbare (Aikido) and Khachatur V. (Trag) for a live session on what this merger means, how AI code review is changing, and what’s next with our unified code + security product.
Join Willem Delbare (Aikido) and Khachatur V. (Trag) for a live session on what this merger means, how AI code review is changing, and what’s next with our unified code + security product.
August 22, 2025 at 1:45 PM
We merged Trag into Aikido, to build the future of LLM-native code review together.
Join Willem Delbare (Aikido) and Khachatur V. (Trag) for a live session on what this merger means, how AI code review is changing, and what’s next with our unified code + security product.
Join Willem Delbare (Aikido) and Khachatur V. (Trag) for a live session on what this merger means, how AI code review is changing, and what’s next with our unified code + security product.
Reposted by aikido | no bullsh*t security for devs
🔒 Security isn’t a checklist, it’s a mindset, built into every step of development.
#Aikido helps developers grow by learning secure coding in context; each vulnerability they fix makes them better at preventing the next.
👇👇👇
www.aikido.dev/customer-sto...
#Aikido helps developers grow by learning secure coding in context; each vulnerability they fix makes them better at preventing the next.
👇👇👇
www.aikido.dev/customer-sto...
Securing Belgium’s data future: how Athumi brings dev-first security to government & beyond
Athumi enables secure data flows in Belgium. Discover how they scaled decentralized DevSecOps and compliance with Aikido's developer-first approach.
www.aikido.dev
August 21, 2025 at 8:21 PM
🔒 Security isn’t a checklist, it’s a mindset, built into every step of development.
#Aikido helps developers grow by learning secure coding in context; each vulnerability they fix makes them better at preventing the next.
👇👇👇
www.aikido.dev/customer-sto...
#Aikido helps developers grow by learning secure coding in context; each vulnerability they fix makes them better at preventing the next.
👇👇👇
www.aikido.dev/customer-sto...
Big news: Trag is now part of Aikido
AI is writing more code than ever, and developers are stuck reviewing it with tools that were never built for this.
Devs deserve better.
That’s why we brought Trag into Aikido.
AI is writing more code than ever, and developers are stuck reviewing it with tools that were never built for this.
Devs deserve better.
That’s why we brought Trag into Aikido.
August 21, 2025 at 3:29 PM
Big news: Trag is now part of Aikido
AI is writing more code than ever, and developers are stuck reviewing it with tools that were never built for this.
Devs deserve better.
That’s why we brought Trag into Aikido.
AI is writing more code than ever, and developers are stuck reviewing it with tools that were never built for this.
Devs deserve better.
That’s why we brought Trag into Aikido.
is somebody gonna match my freak
August 19, 2025 at 3:37 PM
is somebody gonna match my freak