Endpoint security for developer workstations | Aikido Security Block malicious packages before install. Monitor AI tools across every developer workstation. One agent, deployed through your MDM. No new infrastructure.

Powered by Aikido Intel. Build fearlessly → aikido.dev/protect/endpoint-protection

Introducing Aikido Endpoint Protection.

Developer devices have been under attack. In the last few months alone, Shai Hulud, TeamPCP, Axios, and Vercel were all compromised through developer devices.

Aikido Endpoint Protection secures everything your devs install before it reaches the device.

We’ve been gatekeeping this for a while… Introducing Snake Oil™

Next-generation fragrance. Purpose-built. Military-grade. Cloud-native. Agentic essence. Compliant. “CISO-approved” in some states.

No, we won’t tell you what it costs.

Just smell it → aikido.dev/perfume

(Results may vary)

👀 -> betterleaks.com

Betterleaks: The Gitleaks Successor Built for Faster Secrets Scanning Betterleaks is a new open source secrets scanner from the creator of Gitleaks. A drop-in replacement with faster scans, token efficiency detection, configurable validation, and more.

Betterleaks is designed to scan faster, detect secrets more accurately, and make validation and rule creation more flexible. Oh, and your AI agent can use it too. It's an easy drop-in replacement.

Simply put, a better secrets scanner.

Read the full announcement -> aikido.dev/blog/betterl...

Introducing Betterleaks, a new open source secrets scanner built by the original creator of Gitleaks, Zach Rice.

Aikido Infinite: Continuous AI Pentesting for Every Release Aikido Infinite runs AI penetration testing on every code change, validates exploitability, generates patches, and retests fixes before code hits production, making self-securing software a reality.

Read More: www.aikido.dev/blog/introdu...

Software can now secure itself.

→ www.aikido.dev/attack/infin...

Self-securing software is coming to RSAC. Yes, it's Matrix themed.

This is NOT a Super Bowl ad

From “no bullsh*t security” to $1 billion valuation in three years.

Announcing $60M Series B at $1B led by Tom Stafford at DST Global.

What’s next? Self-securing software.
Stay tuned.

feeling ✨ seasonal ✨

meet Jarno -> www.aikido.dev/meetjarno

Turn alert overload into instant clarity. Security Zen awaits.

Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.

Full research on "PromptPwnd" here: www.aikido.dev/blog/promptp...

2) Or use aikido, which automatically identifies unsafe AI prompt flows in our free tier: app.aikido.dev

GitHub - AikidoSec/opengrep-rules Contribute to AikidoSec/opengrep-rules development by creating an account on GitHub.

How to check if you are affected:

1) Scan your GitHub Action files using Opengrep (we provides rules: github.com/AikidoSec/op...

Recommendations:

• Remove or restrict privileged tools available to AI agents
• Never send untrusted PR/issue content directly into AI prompts
• Treat AI-generated output as untrusted code
• Limit the blast radius of GitHub tokens (IP-restricted tokens recommended)

If you use AI agents in GitHub Actions/GitLab CI/CD check your pipelines
immediately.

What we found:

• Confirmed exposure in 5 F500 companies
• Google’s Gemini CLI repository was also impacted (fixed)
• Vulnerability pattern is already present in real-world workflows
• Likely affects many more orgs using AI agents in CI/CD

Attackers can submit crafted issues/PRs that trick the AI into executing privileged GitHub CLI commands – leaking secrets or modifying CI/CD workflows.

We uncovered a systemic weakness in how AI agents like
GeminiApp, Claudeai code, OpenAI codex, and @github.com AI inference are integrated into GitHub Actions and @gitlab.com CI/CD

🚨We just hacked Google’s Gemini CLI, and multiple undisclosed Fortune 500 companies, through prompt injections in GitHub Actions.

The Future of Pentesting Is Autonomous: Announcing Aikido Attack Meet Aikido Attack: autonomous AI pentesting that detects, exploits, and validates real vulnerabilities across your stack. Fast results, full context, zero noise.

Read more: www.aikido.dev/blog/the-fut...

What does pentesting look like in the next era of development? Meet Aikido Attack.

-> www.aikido.dev/attack/aipen...

Aikido Original now streaming in SF

We’ve been waiting to share this. Aikido SF is now open for business. 🤝

Our middle-out expansion is real.

Honored for protecting 2 billion requests per month. Because apparently, that’s plaque-worthy.

State of AI in Security & Development 2026: CISOs & Devs Respond to AI Risks 450 CISOs and developers reveal how AI is reshaping security and software development, and how teams are responding to new risks and real breaches.

Key findings:
• 1 in 5 have faced a serious breach linked to AI code
• 96% believe AI will one day write secure code
• 65% say false positives are driving risky behavior

Read the full report -> www.aikido.dev/state-of-ai-...

⚡️JUST DROPPED: The State of AI in Security & Development
We asked 450 CISOs, AppSec engineers and developers across Europe and the US how AI is changing the way we build and secure software.

Aikido Attack | Autonomous AI Pentests Audit-ready pentests without the wait. Full report in days, instant retests, low cost, and continuous validation powered by AI agents.

We’re entering a new chapter in pentesting and we’re excited to have the teams from Allseek and Haicker with us on this journey.

Get early access → www.aikido.dev/attack/aipen...