Aikido launches Endpoint
- Aikido launched Endpoint, a developer-end product to secure AI-native workflows directly on developer machines. - Endpoint is built to surface supply-chain risks, secrets and AI-generated malware before code leaves a laptop. - The product signals growing demand for local guardrails and dependency scanning in developer tooling (tech.eu).
Aikido Security launched Endpoint on April 20, adding a device-level agent that screens what developers install before code ever leaves their laptops. (tech.eu) The product checks packages, integrated development environment extensions, browser plugins, and artificial intelligence tools against Aikido’s threat-intelligence feed, then blocks known malware before it reaches the file system. Aikido said Endpoint also automatically holds any package published less than 48 hours earlier. (tech.eu) Aikido’s site says the agent covers ecosystems including npm, PyPI, Maven, NuGet, Visual Studio Code, Chrome, JetBrains, Firefox, and OpenVSX, and it can be deployed through mobile device management tools such as Jamf, Kandji, Intune, and JumpCloud. (aikido.dev, help.aikido.dev) Software supply-chain attacks work by slipping malicious code into the tools developers trust, such as open-source packages or editor add-ons, so the compromise starts on the machine where code is written. Tech.eu said Aikido built Endpoint as companies adopt tools like Cursor, Windsurf, Claude Code, Codex, and GitHub Copilot on employee workstations. (tech.eu) That focus moves security earlier than repository scans or continuous integration checks. Aikido said its older Safe Chain command-line wrapper protects npm and pip installs and is downloaded more than 200,000 times a week, but Endpoint watches installs across the whole system instead of only traffic routed through one command-line tool. (tech.eu) Aikido is pushing the product a few months after raising a $60 million Series B at a $1 billion valuation on January 14, 2026. The Ghent-based company said that round would fund a broader push into “self-securing software” and continuous penetration testing. (aikido.dev, securityweek.com) The company’s pitch is that developer laptops now hold publish tokens, cloud credentials, source code access, and direct links to production systems, making them a higher-value target than a standard employee device. Endpoint closes by putting approval controls and monitoring on the workstation itself, where the first risky install happens. (markets.businessinsider.com, aikido.dev) The launch leaves Aikido extending the same promise it has used across code, cloud, and runtime security: fewer separate tools, but closer to where developers actually work. With Endpoint, that now means the laptop, not just the build pipeline. (aikido.dev, tech.eu)
