Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity is a multi-billion-dollar field that touches everyone, students, teachers, universities, and organizations of every size. Hardly a week goes by without a major data breach or attack making headlines. Yet, despite the urgency, the world faces a critical cybersecurity skills gap: millions of roles remain unfilled because graduates often leave school without the hands-on experience needed to succeed.

Last night, our automated Aikido Intel system alerted us that potentially malicious code was detected in some packages within the @nx scope, which include packages with as many as ~6 million weekly downloads. The scope and impact of this breach are significant, as the attacker chose to publish the stolen data directly on GitHub, rather than sending it to their own servers. This means that there’s a SIGNIFICANT amount of credentials that are publicly available on GitHub.

TL;DR: Bazel builds fast but made security a mess. No lockfiles, no visibility, lots of manual work. Aikido now scans Bazel projects automatically, flags risky dependencies, and saves you from custom scripts and CI hacks.

Modern development teams do far more than simply write code. Now, with the help of AI, software development organizations are orchestrating its creation, maintenance, and delivery at a bigger scale than ever before. Tools like Windsurf and Devin from Cognition help developers across the Software Development Lifecycle (SDLC) by augmenting people with multi-step reasoning agents that can write code.

AI penetration testing is changing how organizations identify and exploit vulnerabilities. Instead of relying on traditional manual tests or basic automated scans, autonomous systems now simulate attacker behavior continuously and at scale. These systems use agentic AI to execute real-world exploits, reduce noise, and shift security left, all while keeping human experts focused on the creative flaws machines can’t yet catch.

TL;DR: Aikido and Root have teamed up to deliver hardened container images that fix vulnerabilities fast while letting you keep your current base image. Patch timelines shrink from months to minutes. More about the launch below, or check out our docs. Keeping containers secure isn’t as simple as “just update.” While it sounds straightforward, anyone who’s tried it in a real app knows it’s far from easy.

TL;DR We’ve partnered with TuxCare so you can fix vulnerabilities in legacy dependencies instantly, without rewrites or risky upgrades. Stay secure, compliant, and keep building without trade-offs. Read on for the full launch, or check out our docs to go deeper. As engineering teams scale, managing vulnerabilities in third-party libraries becomes one of the biggest blockers to shipping safely and quickly.

We’re teaming up with our friends at Postman to bring API security even closer to where developers already work. With the upcoming Aikido Security + Postman integration, you’ll be able to view recent security scans for your API collections—without ever leaving Postman. No new tabs. No switching tools. Just quick, clear security insights as you’re building. It’s never been easier to build and scale secure APIs as your organization grows.

You're probably here because you’re inundated (and fed-up!) with the number of acronyms around security tools, platforms, and processes. Every software provider wants to differentiate themselves in a crowded space with new capabilities, leaving developers and security pros exhausted.‍ So here’s our no nonsense list of security acronyms to help you figure out what’s what.

Open source libraries form the backbone of modern software – but they can also introduce serious vulnerabilities if left unchecked. High-profile incidents like the Log4j “Log4Shell” fiasco proved that a single flawed dependency can put countless organizations at risk. In fact, a 2024 report found that 84% of codebases contained at least one known open source vulnerability, and 74% had high-risk vulnerabilities – up sharply from the previous year.