Aikido Security launches dev-tool protector

- Aikido Security launched Aikido Endpoint on April 20, 2026, a developer-device protection agent that blocks risky packages, IDE extensions, browser plugins and AI tools before installation.
- Aikido said the product followed “the worst stretch of supply chain compromises in open source history,” after attacks spanning npm, PyPI, Docker Hub and developer tooling.
- Aikido’s product, help and intelligence pages list Device Protection and package inventory features, with ongoing threat updates published through Aikido Intel.

Aikido Security launched Aikido Endpoint on April 20, 2026, adding developer-device protection to its software security platform as supply-chain attacks increasingly target the tools engineers install on their own machines. The Ghent, Belgium-based company said the lightweight agent is designed to inspect and block risky packages, IDE extensions, browser plugins and AI tools before they are installed. Aikido tied the launch to a run of recent attacks that moved through developer tooling rather than production infrastructure. Its product pages say the service is aimed at giving security teams visibility and control over software packages installed across developer workstations.

### Why is Aikido focusing on the developer laptop instead of the production server?

Aikido said developer devices have become a supply-chain entry point because attackers can hide inside package registries, IDE marketplaces and browser-extension ecosystems that engineers trust every day. (finance.yahoo.com) The company’s launch post said Endpoint monitors installs across npm, PyPI, VS Code extensions, browser extensions and AI tools. Aikido’s help documentation says Device Protection is built to stop malware before installation rather than to scan a machine after compromise. (finance.yahoo.com) The company says the product is “not a virus scanner” and will not detect or remove malware that is already on a device.

### What exactly does the product claim to block?

Aikido’s Device Protection page says the tool blocks malicious browser extensions, IDE plugins and code libraries, and gives teams an inventory of software packages found on connected devices. (aikido.dev) Its help center says that inventory covers browser extensions, code libraries, IDE plugins and build dependencies.

Aikido Intel, the company’s public threat feed, describes the same pitch in broader terms: “Protect Developer Devices from Supply Chain Attacks” by blocking malicious packages, IDE extensions, browser plugins and AI tools before install. (help.aikido.dev)

### Which attacks is this launch responding to?

Aikido said in its April 20 announcement that the release came after “the worst stretch of supply chain compromises in open source history.” The company cited March 2026 activity in which a threat group it called TeamPCP chained stolen credentials across projects including Trivy, Checkmarx KICS, LiteLLM and Telnyx. (aikido.dev) BleepingComputer reported last week that a separate “Shai-Hulud” campaign compromised hundreds of packages across npm and PyPI and delivered credential-stealing malware aimed at developers. (intel.aikido.dev) Aikido has also published research on the return of the “Glassworm” campaign, which it said hid malware in more than 150 GitHub repositories as well as npm packages and VS Code extensions.

### How does this matter for labs and other technical teams?

(finance.yahoo.com) Labs that rely on instrument SDKs, cloud notebooks, vendor package managers or browser-based admin consoles increasingly depend on the same developer tooling stack used by software teams. A malicious IDE extension or package on a scientist’s or engineer’s workstation can expose credentials, code-signing material or internal repositories before any production defense is triggered; that is an inference based on the attack patterns described by Aikido and other security reporting. (bleepingcomputer.com) Aikido’s documentation frames the control point as installation itself: the company says it is trying to prevent risky software from landing on the device in the first place, while also giving administrators a package-level inventory across machines.

### What comes next for users evaluating the tool?

Aikido’s public product, help and intelligence pages now list Device Protection as an active offering, with package-browsing documentation and live threat updates already posted. (aikido.dev) The next practical step for prospective users is on those Aikido pages, where the company describes deployment, inventory views and the limits of what the agent will and will not detect. (aikido.dev) (help.aikido.dev)