
.avif)
News

Move over, Mythos. Here comes... pretty much any other model with a good harness
Mythos has real edges in exploit chain construction. But for most AppSec work, the harness around the model matters more than which model you pick.
How to maintain code quality standards with AI code and vibe coding
Vibe coding ships features fast and leaves review debt behind. See how benchmarked, per-rule code quality checks give teams one consistent answer across PRs and repos.
And another one. GitHub ships break-glass credential revocation
Break-glass credential revocation is live on GitHub Enterprise. The Trivy and Microsoft durabletask repeats show why fast, complete revocation was needed..
npm now freezes high-impact accounts after risky account changes
A look at npm's new 72-hour account freeze, what triggers it, what it blocks, and how it works alongside trusted and staged publishing.
Everybody's shipping code they can't read
With AI, everyone's a developer now, and a lot of code gets shipped without a careful review from trained eyes.
Full Fathom Five: The context of Anthropic’s Mythos-class public release
You never needed Mythos to find your IDORs and business logic flaws. A look at what Anthropic shipped with Fable 5, and why infosec stays a people problem at heart.
npm v12 delivers one of the biggest security improvements in years
npm v12 makes install scripts opt-in by default, closing the install-time execution path behind a year of npm supply chain worms from Nx to Red Hat.
Code is being written everywhere, and the device is the only constant
Developers are coding everywhere. AI agents, Slack bots, and MCP servers have made the developer device the biggest security blindspot.
SBOMs in 2026: Everyone's generating them, no one's using them
ENISA's 2026 SBOM adoption report covers 334 organizations and surfaces a consistent gap between generating SBOMs and actually using them. Here is what stood out.
Why EDR and proxy won’t save you from supply chain malware
EDR and proxies weren't built for supply chain malware. When malicious code arrives through npm install, it looks like normal behavior. Here's why that matters.
Move over, Mythos. Here comes... pretty much any other model with a good harness
Mythos has real edges in exploit chain construction. But for most AppSec work, the harness around the model matters more than which model you pick.
Vulnerabilities & Threats
Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Get secure now
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.



