Aikido Intel is your earliest warning for supply chain threats.
Our engine detects malware and vulnerabilities in open-source ecosystems within minutes.
Built by our team of security researchers & AI engineers.
Bookmark it: https://t.co/utLseYtAra
We found this crit a few weeks ago, tens of millions of users impacted across all phpBB forums. After 4 weeks, @J0R1AN is finally releasing the details in a blog post!
https://t.co/V4S3MGz6yB
idk what's crazier, the 9 minutes triage or that this 1 req bug wasn't found for years
On June 10th, we announced a critical auth bypass in phpBB, now CVE-2026-48611. Here's the technical followup with exploit scenarios and how to detect it.
All it takes is one unauthenticated request to log in as any user, admin included, on a default phpBB install, no password required. Aikido Attack caught this on a routine run. We reported it June 2nd, and phpBB shipped a fix four days later in version 3.3.17. If you haven't upgraded yet, do it now.
AI agents are writing code and pulling in dependencies without anyone reviewing them. That's the new normal.
Last month, 141 packages in the Mastra ecosystem were compromised overnight. LLMs handed the keyboard to everyone. But in doing it, we moved the most dangerous decision in software to somewhere no human is looking.
Omnea ships code 70-80 times a day, more than 80% of it AI-generated, and stays secure with just one security engineer for 50 developers, using Aikido.
Gavin Williams, Engineering Manager at Omnea, breaks down how Aikido makes that possible.
Great conversations at last night's AI Leaders Dinner, co-hosted with our partners @infinum, @AikidoSecurity, @CoderHQ, and @ArizeAI.
Now it's time for two more days at @aiDotEngineer!
Don't miss our CEO, @ivanburazin, speaking today at 11:40 AM: "Kubernetes Is Not Your Sandbox." See you there!
GitHub shipped bulk credential revocation for Enterprise. One action cuts off compromised credentials across the entire org during an active incident.
Recent attacks have shown what happens when revocation is slow or incomplete. The Trivy compromise came back for a second round because the first cleanup left at least one credential alive. Incomplete rotation is what keeps attacks going after the initial breach.
Congratulations to @AikidoSecurity on acquiring Root!
A huge milestone for the open source and application security ecosystem. We're excited to see how Aikido's developer-first approach and Root's backporting expertise help reduce the security burden on maintainers.
Congratulations to the Aikido and Root teams on this exciting new chapter!
Read the full announcement (including a quote from our CTO, Adrian Estrada): https://t.co/DgKdZeh0IF